{ "threat_severity" : "Moderate", "public_date" : "2020-10-13T00:00:00Z", "bugzilla" : { "description" : "picketbox: JBoss EAP reload to admin-only mode allows authentication bypass", "id" : "1848533", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1848533" }, "cvss3" : { "cvss3_base_score" : "5.7", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-287", "details" : [ "A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user and password. The highest threat to vulnerability is to system availability.", "A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user and password. The highest threat to vulnerability is to system availability." ], "acknowledgement" : "This issue was discovered by Darran Lofthouse (Red Hat).", "affected_release" : [ { "product_name" : "EAP 7.3.3", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4247", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3", "package" : "picketbox" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4244", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4244", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4244", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4244", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4244", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4244", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-artemis-native-1:1.0.2-3.redhat_1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4244", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4244", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4244", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4244", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4244", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4244", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4244", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4244", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4244", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4244", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4244", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4244", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4244", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4244", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4244", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4244", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4244", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4244", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-velocity-0:2.2.0-1.redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4244", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4244", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4244", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4244", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4244", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-artemis-native-1:1.0.2-3.redhat_1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-velocity-0:2.2.0-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4245", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-activemq-artemis-0:2.9.0-5.redhat_00011.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4245", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-activemq-artemis-native-1:1.0.2-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4245", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-apache-commons-codec-0:1.14.0-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4245", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-apache-commons-lang-0:3.10.0-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4245", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-apache-cxf-0:3.3.7-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4245", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-artemis-native-1:1.0.2-3.redhat_1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4245", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-bouncycastle-0:1.65.0-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4245", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-glassfish-jsf-0:2.3.9-11.SP12_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4245", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-hal-console-0:3.2.10-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4245", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-hibernate-0:5.3.18-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4245", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-httpcomponents-client-0:4.5.12-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4245", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-httpcomponents-core-0:4.4.13-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4245", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-jberet-0:1.3.7-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4245", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-jboss-invocation-0:1.5.3-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4245", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-jboss-logmanager-0:2.1.17-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4245", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-jboss-server-migration-0:1.7.2-2.Final_redhat_00002.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4245", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-jboss-xnio-base-0:3.7.9-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4245", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-jgroups-0:4.1.10-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4245", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-narayana-0:5.9.9-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4245", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-picketbox-0:5.0.3-8.Final_redhat_00007.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4245", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-picketlink-bindings-0:2.5.5-25.SP12_redhat_00013.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4245", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-snakeyaml-0:1.26.0-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4245", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-undertow-0:2.0.31-1.SP1_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4245", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-velocity-0:2.2.0-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4245", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-wildfly-0:7.3.3-4.GA_redhat_00004.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4245", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-wildfly-elytron-0:1.10.8-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4245", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-wildfly-transaction-client-0:1.1.13-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4245", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-ws-commons-XmlSchema-0:2.2.5-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2020-10-13T00:00:00Z", "advisory" : "RHSA-2020:4245", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-xerces-j2-0:2.12.0-2.SP03_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat Single Sign-On 7.4.3", "release_date" : "2020-11-04T00:00:00Z", "advisory" : "RHSA-2020:4931", "cpe" : "cpe:/a:redhat:jboss_single_sign_on:7.4", "package" : "picketbox" }, { "product_name" : "Text-Only RHOAR", "release_date" : "2020-12-16T00:00:00Z", "advisory" : "RHSA-2020:5361", "cpe" : "cpe:/a:redhat:openshift_application_runtimes:1.0" } ], "package_state" : [ { "product_name" : "A-MQ Clients 2", "fix_state" : "Affected", "package_name" : "picketbox", "cpe" : "cpe:/a:redhat:a_mq_clients:2" }, { "product_name" : "Red Hat BPM Suite 6", "fix_state" : "Out of support scope", "package_name" : "picketbox", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform" }, { "product_name" : "Red Hat Data Grid 8", "fix_state" : "Not affected", "package_name" : "picketbox", "cpe" : "cpe:/a:redhat:jboss_data_grid:8" }, { "product_name" : "Red Hat Decision Manager 7", "fix_state" : "Not affected", "package_name" : "picketbox", "cpe" : "cpe:/a:redhat:jboss_enterprise_brms_platform:7" }, { "product_name" : "Red Hat Fuse 7", "fix_state" : "Will not fix", "package_name" : "picketbox", "cpe" : "cpe:/a:redhat:jboss_fuse:7" }, { "product_name" : "Red Hat JBoss BRMS 6", "fix_state" : "Out of support scope", "package_name" : "picketbox", "cpe" : "cpe:/a:redhat:jboss_enterprise_brms_platform:6" }, { "product_name" : "Red Hat JBoss Data Grid 7", "fix_state" : "Out of support scope", "package_name" : "picketbox", "cpe" : "cpe:/a:redhat:jboss_data_grid:7" }, { "product_name" : "Red Hat JBoss Data Virtualization 6", "fix_state" : "Out of support scope", "package_name" : "picketbox", "cpe" : "cpe:/a:redhat:jboss_data_virtualization:6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6", "fix_state" : "Out of support scope", "package_name" : "picketbox", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6" }, { "product_name" : "Red Hat JBoss Fuse 6", "fix_state" : "Will not fix", "package_name" : "picketbox", "cpe" : "cpe:/a:redhat:jboss_fuse:6" }, { "product_name" : "Red Hat JBoss Fuse Service Works 6", "fix_state" : "Out of support scope", "package_name" : "picketbox", "cpe" : "cpe:/a:redhat:jboss_fuse_service_works:6" }, { "product_name" : "Red Hat JBoss Operations Network 3", "fix_state" : "Out of support scope", "package_name" : "picketbox", "cpe" : "cpe:/a:redhat:jboss_operations_network:3" }, { "product_name" : "Red Hat OpenShift Application Runtimes", "fix_state" : "Affected", "package_name" : "picketbox", "cpe" : "cpe:/a:redhat:openshift_application_runtimes:1.0" }, { "product_name" : "Red Hat Process Automation 7", "fix_state" : "Not affected", "package_name" : "picketbox", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-14299\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14299" ], "name" : "CVE-2020-14299", "csaw" : false }