{ "threat_severity" : "Moderate", "public_date" : "2020-01-31T00:00:00Z", "bugzilla" : { "description" : "netty: compression/decompression codecs don't enforce limits on buffer allocation sizes", "id" : "1816216", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1816216" }, "cvss3" : { "cvss3_base_score" : "7.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-119->CWE-400", "details" : [ "The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder.", "A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool." ], "statement" : "In OpenShift Container Platform end users don't have direct access to send requests to ElasticSearch. A user could need access to the ElasticSearch service on the internal cluster network in order to be able to send malicious requests to it.\nThird party scanners flagging Red Hat Satellite due to availability of the higher version packages in Red Hat AMQ Clients (through errata RHSA-2020:2605) compare to the qpid packages from Satellite Tools repository. qpid dependency fixed in errata RHSA-2020:2605 was for Red Hat AMQ Clients and it doesn't necessarily mean that packages from Satellite Tools are affected. These are two different products with different architecture and code-base. Updating the packages from any other repository than the Satellite-tools repository is not recommended for Satellite Customers. \nRed Hat Satellite 6.7 and earlier ship affected version of netty, however, there is no external connection being exposed and it is used by only Artemis to open an internal connection within the JVM. Since netty does not come into contact with untrusted data, vulnerability is not exposed in product code and there is no breach of Confidentiality, Integrity or Availability expected from this vulnerability. We may update the netty and its dependency in a future release.\nMore information regarding Satellite related packages can be found on KCS: https://access.redhat.com/solutions/5200591", "affected_release" : [ { "product_name" : "AMQ Clients 2.y for RHEL 6", "release_date" : "2020-06-17T00:00:00Z", "advisory" : "RHSA-2020:2605", "cpe" : "cpe:/a:redhat:a_mq_clients:2::el6", "package" : "qpid-cpp-0:1.36.0-30.el6_10amq", "impact" : "low" }, { "product_name" : "AMQ Clients 2.y for RHEL 6", "release_date" : "2020-06-17T00:00:00Z", "advisory" : "RHSA-2020:2605", "cpe" : "cpe:/a:redhat:a_mq_clients:2::el6", "package" : "qpid-proton-0:0.31.0-3.el6_10", "impact" : "low" }, { "product_name" : "AMQ Clients 2.y for RHEL 7", "release_date" : "2020-06-17T00:00:00Z", "advisory" : "RHSA-2020:2605", "cpe" : "cpe:/a:redhat:a_mq_clients:2::el7", "package" : "qpid-cpp-0:1.36.0-30.el7amq", "impact" : "low" }, { "product_name" : "AMQ Clients 2.y for RHEL 7", "release_date" : "2020-06-17T00:00:00Z", "advisory" : "RHSA-2020:2605", "cpe" : "cpe:/a:redhat:a_mq_clients:2::el7", "package" : "qpid-proton-0:0.31.0-3.el7", "impact" : "low" }, { "product_name" : "AMQ Clients 2.y for RHEL 7", "release_date" : "2020-06-17T00:00:00Z", "advisory" : "RHSA-2020:2605", "cpe" : "cpe:/a:redhat:a_mq_clients:2::el7", "package" : "rubygem-qpid_proton-0:0.31.0-2.el7", "impact" : "low" }, { "product_name" : "AMQ Clients 2.y for RHEL 8", "release_date" : "2020-06-17T00:00:00Z", "advisory" : "RHSA-2020:2605", "cpe" : "cpe:/a:redhat:a_mq_clients:2::el8", "package" : "nodejs-rhea-0:1.0.21-1.el8", "impact" : "low" }, { "product_name" : "AMQ Clients 2.y for RHEL 8", "release_date" : "2020-06-17T00:00:00Z", "advisory" : "RHSA-2020:2605", "cpe" : "cpe:/a:redhat:a_mq_clients:2::el8", "package" : "qpid-cpp-0:1.39.0-5.el8amq", "impact" : "low" }, { "product_name" : "AMQ Clients 2.y for RHEL 8", "release_date" : "2020-06-17T00:00:00Z", "advisory" : "RHSA-2020:2605", "cpe" : "cpe:/a:redhat:a_mq_clients:2::el8", "package" : "qpid-proton-0:0.31.0-3.el8", "impact" : "low" }, { "product_name" : "AMQ Clients 2.y for RHEL 8", "release_date" : "2020-06-17T00:00:00Z", "advisory" : "RHSA-2020:2605", "cpe" : "cpe:/a:redhat:a_mq_clients:2::el8", "package" : "rubygem-qpid_proton-0:0.31.0-2.el8", "impact" : "low" }, { "product_name" : "EAP-CD 20 Tech Preview", "release_date" : "2020-08-31T00:00:00Z", "advisory" : "RHSA-2020:3585", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_cd:20", "package" : "netty" }, { "product_name" : "Red Hat AMQ", "release_date" : "2020-06-25T00:00:00Z", "advisory" : "RHSA-2020:2751", "cpe" : "cpe:/a:redhat:amq_broker:7", "package" : "netty", "impact" : "low" }, { "product_name" : "Red Hat AMQ", "release_date" : "2020-07-23T00:00:00Z", "advisory" : "RHSA-2020:3133", "cpe" : "cpe:/a:redhat:amq_broker:7" }, { "product_name" : "Red Hat AMQ Online 1.4.1 GA", "release_date" : "2020-04-22T00:00:00Z", "advisory" : "RHSA-2020:1538", "cpe" : "cpe:/a:redhat:amq_online:1.4", "package" : "netty", "impact" : "low" }, { "product_name" : "Red Hat AMQ Streams 1.5.0", "release_date" : "2020-06-19T00:00:00Z", "advisory" : "RHSA-2020:2618", "cpe" : "cpe:/a:redhat:amq_streams:1", "package" : "netty", "impact" : "moderate" }, { "product_name" : "Red Hat build of Quarkus 1.7.5", "release_date" : "2020-10-14T00:00:00Z", "advisory" : "RHSA-2020:4252", "cpe" : "cpe:/a:redhat:openshift_application_runtimes:1.0", "package" : "netty" }, { "product_name" : "Red Hat Data Grid", "release_date" : "2020-09-03T00:00:00Z", "advisory" : "RHSA-2020:3626", "cpe" : "cpe:/a:redhat:jboss_data_grid:8", "package" : "netty" }, { "product_name" : "Red Hat Data Grid 7.3.7", "release_date" : "2020-09-17T00:00:00Z", "advisory" : "RHSA-2020:3779", "cpe" : "cpe:/a:redhat:jboss_data_grid:7.3", "package" : "netty" }, { "product_name" : "Red Hat Decision Manager 7", "release_date" : "2020-07-29T00:00:00Z", "advisory" : "RHSA-2020:3196", "cpe" : "cpe:/a:redhat:jboss_enterprise_brms_platform:7.8", "package" : "netty" }, { "product_name" : "Red Hat Fuse 7.8.0", "release_date" : "2020-12-16T00:00:00Z", "advisory" : "RHSA-2020:5568", "cpe" : "cpe:/a:redhat:jboss_fuse:7", "package" : "netty" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3464", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3.0" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3461", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3462", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3462", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3462", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3462", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3462", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3462", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3462", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3462", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3462", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3462", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3462", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3462", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3462", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3462", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3462", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3462", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3462", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3462", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3462", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3462", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3462", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3462", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3462", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3462", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3462", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3463", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3463", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3463", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3463", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3463", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3463", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3463", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3463", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3463", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3463", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3463", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3463", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3463", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3463", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3463", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3463", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3463", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3463", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3463", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3463", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3463", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3463", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3463", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3463", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-08-17T00:00:00Z", "advisory" : "RHSA-2020:3463", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat Process Automation 7", "release_date" : "2020-07-29T00:00:00Z", "advisory" : "RHSA-2020:3197", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.8", "package" : "netty" }, { "product_name" : "Red Hat Satellite 6.9 for RHEL 7", "release_date" : "2021-04-21T00:00:00Z", "advisory" : "RHSA-2021:1313", "cpe" : "cpe:/a:redhat:satellite:6.9::el7", "package" : "candlepin-0:3.1.26-1.el7sat", "impact" : "low" }, { "product_name" : "Red Hat Single Sign-On 7.4.2", "release_date" : "2020-08-18T00:00:00Z", "advisory" : "RHSA-2020:3501", "cpe" : "cpe:/a:redhat:jboss_single_sign_on:7.4", "package" : "netty" }, { "product_name" : "Text-Only RHOAR", "release_date" : "2020-04-30T00:00:00Z", "advisory" : "RHSA-2020:1422", "cpe" : "cpe:/a:redhat:openshift_application_runtimes:1.0", "package" : "netty" } ], "package_state" : [ { "product_name" : "Red Hat Fuse 7", "fix_state" : "Affected", "package_name" : "karaf-transaction-manager-narayana", "cpe" : "cpe:/a:redhat:jboss_fuse:7", "impact" : "low" }, { "product_name" : "Red Hat JBoss A-MQ 6", "fix_state" : "Out of support scope", "package_name" : "netty", "cpe" : "cpe:/a:redhat:jboss_amq:6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 5", "fix_state" : "Out of support scope", "package_name" : "netty", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6", "fix_state" : "Out of support scope", "package_name" : "netty", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6" }, { "product_name" : "Red Hat JBoss Fuse 6", "fix_state" : "Out of support scope", "package_name" : "netty", "cpe" : "cpe:/a:redhat:jboss_fuse:6" }, { "product_name" : "Red Hat JBoss Operations Network 3", "fix_state" : "Out of support scope", "package_name" : "netty", "cpe" : "cpe:/a:redhat:jboss_operations_network:3" }, { "product_name" : "Red Hat OpenShift Application Runtimes", "fix_state" : "Affected", "package_name" : "netty", "cpe" : "cpe:/a:redhat:openshift_application_runtimes:1.0" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "fix_state" : "Will not fix", "package_name" : "openshift3/ose-logging-elasticsearch5", "cpe" : "cpe:/a:redhat:openshift:3.11", "impact" : "moderate" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/ose-logging-elasticsearch5", "cpe" : "cpe:/a:redhat:openshift:4", "impact" : "moderate" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-11612\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11612" ], "name" : "CVE-2020-11612", "csaw" : false }