{"containers": {"cna": {"affected": [{"product": "Wildfly", "vendor": "n/a", "versions": [{"status": "affected", "version": "before wildfly-elytron-1.6.8.Final-redhat-00001"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources."}], "problemTypes": [{"descriptions": [{"description": "Improper Authorization", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-01T13:06:15", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20201001-0005/"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T06:46:30.892Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20201001-0005/"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-1748", "datePublished": "2020-09-16T15:27:36", "dateReserved": "2019-11-27T00:00:00", "dateUpdated": "2024-08-04T06:46:30.892Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:wildfly_elytron:*:*:*:*:*:*:*:*", "matchCriteriaId": "F158B2B3-8DAB-4984-A211-F032E9FD584C", "versionEndExcluding": "1.6.8.final-redhat-00001", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:decision_manager:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "68146098-58F8-417E-B165-5182527117C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "20A6B40D-F991-4712-8E30-5FE008505CB7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en todas las versiones compatibles anteriores a wildfly-elytron-1.6.8.Final-redhat-00001, donde las comprobaciones de la funci\u00f3n WildFlySecurityManager son omitidas cuando se usan administradores de seguridad personalizados, resultando en una autorizaci\u00f3n inapropiada. Este fallo conlleva a una exposici\u00f3n de una informaci\u00f3n mediante el acceso no autenticado hacia unos recursos seguros"}], "id": "CVE-2020-1748", "lastModified": "2022-04-28T18:33:01.063", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-09-16T16:15:14.950", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20201001-0005/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2020:3779", "cpe": "cpe:/a:redhat:jboss_data_grid:7.3", "package": "wildfly", "product_name": "Red Hat Data Grid 7.3.7", "release_date": "2020-09-17T00:00:00Z"}, {"advisory": "RHSA-2020:3642", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2.0", "package": "wildfly", "product_name": "Red Hat JBoss Enterprise Application Platform 7", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3464", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3.0", "package": "wildfly", "product_name": "Red Hat JBoss Enterprise Application Platform 7", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3637", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el6", "package": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3638", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3638", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3638", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3638", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3638", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3638", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3638", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3638", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3638", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3638", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3638", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3638", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3638", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3638", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3638", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3638", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3638", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3638", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3638", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3638", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3638", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el7", "package": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3639", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3639", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-elytron-web-0:1.2.5-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3639", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-glassfish-jsf-0:2.3.5-13.SP3_redhat_00011.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3639", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-hal-console-0:3.0.23-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3639", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3639", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3639", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3639", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-jackson-databind-0:2.9.10.4-1.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3639", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3639", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-jboss-jsf-api_2.3_spec-0:2.3.5-7.SP2_redhat_00005.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3639", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3639", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-jboss-modules-0:1.8.10-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3639", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-jboss-server-migration-0:1.3.1-13.Final_redhat_00014.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3639", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-jboss-xnio-base-0:3.7.6-4.SP3_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3639", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-resteasy-0:3.6.1-10.SP9_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3639", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3639", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-weld-core-0:3.0.6-4.Final_redhat_00004.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3639", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-wildfly-0:7.2.9-4.GA_redhat_00003.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3639", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-wildfly-elytron-0:1.6.8-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3639", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3639", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.2::el8", "package": "eap7-wildfly-transaction-client-0:1.1.11-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3461", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3461", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3461", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3461", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3461", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3461", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3461", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3461", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3461", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3461", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3461", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3461", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3461", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3461", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3461", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3461", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3461", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3461", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3461", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3461", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3461", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3461", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3461", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3461", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3461", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3462", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3462", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3462", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3462", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3462", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3462", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3462", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3462", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3462", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3462", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3462", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3462", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3462", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3462", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3462", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3462", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3462", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3462", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3462", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3462", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3462", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3462", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3462", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3462", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3462", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3463", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-dom4j-0:2.1.3-1.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3463", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-elytron-web-0:1.6.2-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3463", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-glassfish-jsf-0:2.3.9-11.SP11_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3463", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-hal-console-0:3.2.9-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3463", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-hibernate-0:5.3.17-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3463", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-hibernate-validator-0:6.0.20-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3463", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-infinispan-0:9.4.19-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3463", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-ironjacamar-0:1.4.22-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3463", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-jackson-annotations-0:2.10.4-1.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3463", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-jackson-core-0:2.10.4-1.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3463", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-jackson-databind-0:2.10.4-1.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3463", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3463", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-jackson-modules-base-0:2.10.4-1.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3463", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-jackson-modules-java8-0:2.10.4-1.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3463", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-jboss-genericjms-0:2.0.6-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3463", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-jboss-jsf-api_2.3_spec-0:3.0.0-4.SP04_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3463", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-jboss-logmanager-0:2.1.15-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3463", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-jboss-server-migration-0:1.7.1-7.Final_redhat_00009.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3463", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-jboss-xnio-base-0:3.7.8-1.SP1_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3463", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-netty-0:4.1.48-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3463", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-undertow-0:2.0.30-4.SP4_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3463", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-wildfly-0:7.3.2-4.GA_redhat_00002.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3463", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-wildfly-common-0:1.5.2-1.Final_redhat_00002.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3463", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-wildfly-elytron-0:1.10.7-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3463", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-wildfly-http-client-0:1.0.22-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2020-08-17T00:00:00Z"}, {"advisory": "RHSA-2020:3501", "cpe": "cpe:/a:redhat:jboss_single_sign_on:7.4", "product_name": "Red Hat Single Sign-On 7.4.2", "release_date": "2020-08-18T00:00:00Z"}, {"advisory": "RHSA-2020:4960", "cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7.9", "package": "wildfly", "product_name": "RHDM 7.9.0", "release_date": "2020-11-05T00:00:00Z"}, {"advisory": "RHSA-2020:4961", "cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.9", "package": "wildfly", "product_name": "RHPAM 7.9.0", "release_date": "2020-11-05T00:00:00Z"}, {"advisory": "RHSA-2020:3539", "cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "product_name": "Text-Only RHOAR", "release_date": "2020-09-02T00:00:00Z"}], "bugzilla": {"description": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain", "id": "1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "status": "verified"}, "cwe": "CWE-285", "details": ["A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.", "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources."], "name": "CVE-2020-1748", "package_state": [{"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Will not fix", "package_name": "wildfly", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_data_virtualization:6", "fix_state": "Out of support scope", "package_name": "jbossas", "product_name": "Red Hat JBoss Data Virtualization 6"}, {"cpe": "cpe:/a:redhat:jboss_data_virtualization:6", "fix_state": "Out of support scope", "package_name": "wildfly", "product_name": "Red Hat JBoss Data Virtualization 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5", "fix_state": "Out of support scope", "package_name": "jbossas", "product_name": "Red Hat JBoss Enterprise Application Platform 5"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Out of support scope", "package_name": "jbossas", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_cd", "fix_state": "Out of support scope", "package_name": "wildfly", "product_name": "Red Hat JBoss Enterprise Application Platform Continuous Delivery"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Out of support scope", "package_name": "wildfly", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_operations_network:3", "fix_state": "Out of support scope", "package_name": "wildfly", "product_name": "Red Hat JBoss Operations Network 3"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_soa_platform:5", "fix_state": "Out of support scope", "package_name": "jbossas", "product_name": "Red Hat JBoss SOA Platform 5"}, {"cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "fix_state": "Affected", "package_name": "wildfly", "product_name": "Red Hat OpenShift Application Runtimes"}, {"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Affected", "package_name": "wildfly", "product_name": "Red Hat Single Sign-On 7"}], "public_date": "2020-08-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-1748\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-1748"], "threat_severity": "Moderate"}