{ "threat_severity" : "Moderate", "public_date" : "2019-08-23T00:00:00Z", "bugzilla" : { "description" : "xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source", "id" : "1764658", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1764658" }, "cvss3" : { "cvss3_base_score" : "5.9", "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "status" : "verified" }, "cwe" : "CWE-20", "details" : [ "In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this implementation might be cached and re-used by Apache Santuario - XML Security for Java, leading to potential security flaws when validating signed documents, etc. The vulnerability affects Apache Santuario - XML Security for Java 2.0.x releases from 2.0.3 and all 2.1.x releases before 2.1.4." ], "affected_release" : [ { "product_name" : "Red Hat Fuse 7.7.0", "release_date" : "2020-07-28T00:00:00Z", "advisory" : "RHSA-2020:3192", "cpe" : "cpe:/a:redhat:jboss_fuse:7", "package" : "camel-xmlsecurity" }, { "product_name" : "Red Hat Fuse 7.7.0", "release_date" : "2020-07-28T00:00:00Z", "advisory" : "RHSA-2020:3192", "cpe" : "cpe:/a:redhat:jboss_fuse:7", "package" : "xmlsec" }, { "product_name" : "Red Hat JBoss EAP 7.2", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0811", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2", "package" : "xmlsec" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0804", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-activemq-artemis-0:2.9.0-2.redhat_00009.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0804", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0804", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-glassfish-el-0:3.0.1-4.b08_redhat_00003.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0804", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-glassfish-jaxb-0:2.3.3-4.b02_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0804", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-glassfish-jsf-0:2.3.5-7.SP3_redhat_00005.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0804", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-hal-console-0:3.0.20-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0804", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-hibernate-0:5.3.15-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0804", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-infinispan-0:9.3.8-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0804", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-ironjacamar-0:1.4.20-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0804", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jackson-databind-0:2.9.10.2-1.redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0804", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0804", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jboss-ejb-client-0:4.0.28-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0804", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jboss-remoting-0:5.0.17-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0804", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-jboss-server-migration-0:1.3.1-8.Final_redhat_00009.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0804", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-picketlink-bindings-0:2.5.5-23.SP12_redhat_00012.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0804", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-stax2-api-0:4.2.0-1.redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0804", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-sun-istack-commons-0:3.0.10-1.redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0804", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0804", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-wildfly-0:7.2.7-4.GA_redhat_00004.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0804", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-wildfly-http-client-0:1.0.20-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0804", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0804", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0804", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-wildfly-transaction-client-0:1.1.9-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0804", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-woodstox-core-0:6.0.3-1.redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0804", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package" : "eap7-xml-security-0:2.1.4-1.redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0805", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-activemq-artemis-0:2.9.0-2.redhat_00009.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0805", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0805", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-glassfish-el-0:3.0.1-4.b08_redhat_00003.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0805", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-glassfish-jaxb-0:2.3.3-4.b02_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0805", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-glassfish-jsf-0:2.3.5-7.SP3_redhat_00005.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0805", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-hal-console-0:3.0.20-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0805", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-hibernate-0:5.3.15-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0805", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-infinispan-0:9.3.8-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0805", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-ironjacamar-0:1.4.20-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0805", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jackson-databind-0:2.9.10.2-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0805", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0805", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jboss-ejb-client-0:4.0.28-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0805", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jboss-remoting-0:5.0.17-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0805", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-jboss-server-migration-0:1.3.1-8.Final_redhat_00009.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0805", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-picketlink-bindings-0:2.5.5-23.SP12_redhat_00012.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0805", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-stax2-api-0:4.2.0-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0805", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-sun-istack-commons-0:3.0.10-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0805", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0805", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-wildfly-0:7.2.7-4.GA_redhat_00004.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0805", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-wildfly-http-client-0:1.0.20-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0805", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0805", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0805", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-wildfly-transaction-client-0:1.1.9-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0805", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-woodstox-core-0:6.0.3-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0805", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package" : "eap7-xml-security-0:2.1.4-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0806", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-activemq-artemis-0:2.9.0-2.redhat_00009.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0806", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0806", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-glassfish-el-0:3.0.1-4.b08_redhat_00003.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0806", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-glassfish-jaxb-0:2.3.3-4.b02_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0806", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-glassfish-jsf-0:2.3.5-7.SP3_redhat_00005.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0806", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-hal-console-0:3.0.20-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0806", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-hibernate-0:5.3.15-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0806", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-infinispan-0:9.3.8-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0806", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-ironjacamar-0:1.4.20-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0806", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-jackson-databind-0:2.9.10.2-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0806", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0806", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-jboss-ejb-client-0:4.0.28-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0806", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-jboss-remoting-0:5.0.17-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0806", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-jboss-server-migration-0:1.3.1-8.Final_redhat_00009.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0806", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-picketlink-bindings-0:2.5.5-23.SP12_redhat_00012.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0806", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-stax2-api-0:4.2.0-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0806", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-sun-istack-commons-0:3.0.10-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0806", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0806", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-wildfly-0:7.2.7-4.GA_redhat_00004.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0806", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-wildfly-http-client-0:1.0.20-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0806", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0806", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0806", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-wildfly-transaction-client-0:1.1.9-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0806", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-woodstox-core-0:6.0.3-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date" : "2020-03-12T00:00:00Z", "advisory" : "RHSA-2020:0806", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package" : "eap7-xml-security-0:2.1.4-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat Single Sign-On 7.3", "release_date" : "2020-03-23T00:00:00Z", "advisory" : "RHSA-2020:0951", "cpe" : "cpe:/a:redhat:jboss_single_sign_on:7.3", "package" : "xmlsec" }, { "product_name" : "Text-Only RHOAR", "release_date" : "2020-05-18T00:00:00Z", "advisory" : "RHSA-2020:2067", "cpe" : "cpe:/a:redhat:openshift_application_runtimes:1.0" } ], "package_state" : [ { "product_name" : "Red Hat Decision Manager 7", "fix_state" : "Not affected", "package_name" : "xmlsec", "cpe" : "cpe:/a:redhat:jboss_enterprise_brms_platform:7" }, { "product_name" : "Red Hat JBoss BRMS 5", "fix_state" : "Out of support scope", "package_name" : "xmlsec", "cpe" : "cpe:/a:redhat:jboss_enterprise_brms_platform:5" }, { "product_name" : "Red Hat JBoss Data Virtualization 6", "fix_state" : "Out of support scope", "package_name" : "xmlsec", "cpe" : "cpe:/a:redhat:jboss_data_virtualization:6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 5", "fix_state" : "Out of support scope", "package_name" : "xmlsec", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6", "fix_state" : "Out of support scope", "package_name" : "xmlsec", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6" }, { "product_name" : "Red Hat JBoss Fuse 6", "fix_state" : "Out of support scope", "package_name" : "camel-xmlsecurity", "cpe" : "cpe:/a:redhat:jboss_fuse:6" }, { "product_name" : "Red Hat JBoss Fuse 6", "fix_state" : "Out of support scope", "package_name" : "xmlsec", "cpe" : "cpe:/a:redhat:jboss_fuse:6" }, { "product_name" : "Red Hat JBoss Fuse Service Works 6", "fix_state" : "Out of support scope", "package_name" : "camel-xmlsecurity", "cpe" : "cpe:/a:redhat:jboss_fuse_service_works:6" }, { "product_name" : "Red Hat JBoss Operations Network 3", "fix_state" : "Out of support scope", "package_name" : "xmlsec", "cpe" : "cpe:/a:redhat:jboss_operations_network:3" }, { "product_name" : "Red Hat JBoss SOA Platform 5", "fix_state" : "Out of support scope", "package_name" : "xmlsec", "cpe" : "cpe:/a:redhat:jboss_enterprise_soa_platform:5" }, { "product_name" : "Red Hat OpenShift Application Runtimes", "fix_state" : "Affected", "package_name" : "xmlsec", "cpe" : "cpe:/a:redhat:openshift_application_runtimes:1.0" }, { "product_name" : "Red Hat Process Automation 7", "fix_state" : "Not affected", "package_name" : "xmlsec", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-12400\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-12400" ], "name" : "CVE-2019-12400", "csaw" : false }