cvelistv5 - cve-2019-17195

CVE-2019-17195 (GCVE-0-2019-17195)

Vulnerability from cvelistv5

Published

2019-10-15 13:42

Modified

2024-08-05 01:33

Severity ?

CWE

Summary

Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.

References

►

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

gsd-2019-17195

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Aliases

CVE-2019-17195

Aliases

CVE-2019-17195

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-17195",
    "description": "Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.",
    "id": "GSD-2019-17195",
    "references": [
      "https://access.redhat.com/errata/RHSA-2020:1308"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-17195"
      ],
      "details": "Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.",
      "id": "GSD-2019-17195",
      "modified": "2023-12-13T01:23:44.611439Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2019-17195",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "[hadoop-common-issues] 20191107 [jira] [Created] (HADOOP-16690) Update dependency com.nimbusds:nimbus-jose-jwt due to security vulnerability",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/e10d43984f39327e443e875adcd4a5049193a7c010e81971908caf41@%3Ccommon-issues.hadoop.apache.org%3E"
          },
          {
            "name": "[hadoop-common-dev] 20191107 [jira] [Created] (HADOOP-16690) Update dependency com.nimbusds:nimbus-jose-jwt due to security vulnerability",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/8768553cda5838f59ee3865cac546e824fa740e82d9dc2a7fc44e80d@%3Ccommon-dev.hadoop.apache.org%3E"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "name": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/SECURITY-CHANGELOG.txt",
            "refsource": "CONFIRM",
            "url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/SECURITY-CHANGELOG.txt"
          },
          {
            "name": "https://connect2id.com/blog/nimbus-jose-jwt-7-9",
            "refsource": "CONFIRM",
            "url": "https://connect2id.com/blog/nimbus-jose-jwt-7-9"
          },
          {
            "name": "[avro-dev] 20210415 [jira] [Created] (AVRO-3111) CVE-2019-17195",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rcac26c2d4df22341fa6ebbfe93ba1eff77d2dcd3f6106a1dc1f9ac98@%3Cdev.avro.apache.org%3E"
          },
          {
            "name": "[avro-dev] 20210416 [jira] [Commented] (AVRO-3111) CVE-2019-17195",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r35f6301a3e6a56259224786dd9c2a935ba27ff6b494d15a3b66efe6a@%3Cdev.avro.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20210506 [GitHub] [druid] jihoonson commented on a change in pull request #11215: Suppressing false positive CVE-2020-7791",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r33dc233634aedb04fa77db3eb79ea12d15ca4da89fa46a1c585ecb0b@%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20210506 [GitHub] [druid] maytasm commented on a change in pull request #11215: Suppressing false positive CVE-2020-7791",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r2667286c8ceffaf893b16829b9612d8f7c4ee6b30362c6c1b583e3c2@%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20210507 [druid] branch 0.21.1 updated: Suppressing false positive CVE-2020-7791 (#11215) (#11217)",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r5e08837e695efd36be73510ce58ec05785dbcea077819d8acc2d990d@%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "(,7.9)",
          "affected_versions": "All versions before 7.9",
          "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-755",
            "CWE-937"
          ],
          "date": "2022-02-08",
          "description": "Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.",
          "fixed_versions": [
            "7.9"
          ],
          "identifier": "CVE-2019-17195",
          "identifiers": [
            "GHSA-f6vf-pq8c-69m4",
            "CVE-2019-17195"
          ],
          "not_impacted": "All versions starting from 7.9",
          "package_slug": "maven/com.nimbusds/nimbus-jose-jwt",
          "pubdate": "2019-10-16",
          "solution": "Upgrade to version 7.9 or above.",
          "title": "Improper Handling of Exceptional Conditions",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2019-17195",
            "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/SECURITY-CHANGELOG.txt",
            "https://connect2id.com/blog/nimbus-jose-jwt-7-9",
            "https://lists.apache.org/thread.html/8768553cda5838f59ee3865cac546e824fa740e82d9dc2a7fc44e80d@%3Ccommon-dev.hadoop.apache.org%3E",
            "https://lists.apache.org/thread.html/e10d43984f39327e443e875adcd4a5049193a7c010e81971908caf41@%3Ccommon-issues.hadoop.apache.org%3E",
            "https://www.oracle.com/security-alerts/cpuapr2020.html",
            "https://www.oracle.com/security-alerts/cpujan2021.html",
            "https://lists.apache.org/thread.html/r35f6301a3e6a56259224786dd9c2a935ba27ff6b494d15a3b66efe6a@%3Cdev.avro.apache.org%3E",
            "https://lists.apache.org/thread.html/rcac26c2d4df22341fa6ebbfe93ba1eff77d2dcd3f6106a1dc1f9ac98@%3Cdev.avro.apache.org%3E",
            "https://lists.apache.org/thread.html/r2667286c8ceffaf893b16829b9612d8f7c4ee6b30362c6c1b583e3c2@%3Ccommits.druid.apache.org%3E",
            "https://lists.apache.org/thread.html/r33dc233634aedb04fa77db3eb79ea12d15ca4da89fa46a1c585ecb0b@%3Ccommits.druid.apache.org%3E",
            "https://lists.apache.org/thread.html/r5e08837e695efd36be73510ce58ec05785dbcea077819d8acc2d990d@%3Ccommits.druid.apache.org%3E",
            "https://www.oracle.com/security-alerts/cpuApr2021.html",
            "https://www.oracle.com//security-alerts/cpujul2021.html",
            "https://www.oracle.com/security-alerts/cpuoct2021.html",
            "https://www.oracle.com/security-alerts/cpujan2022.html",
            "https://github.com/advisories/GHSA-f6vf-pq8c-69m4"
          ],
          "uuid": "b7daa485-3888-4264-966a-03d9c9e9a56e"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.9",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:hadoop:3.2.1:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:solaris_cluster:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:19.12.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "18.8.11",
                "versionStartIncluding": "18.8.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.2.5.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.2.22",
                "versionStartIncluding": "12.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.3.1",
                "versionStartIncluding": "11.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:healthcare_data_repository:8.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.2.5.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-17195"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-755"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://connect2id.com/blog/nimbus-jose-jwt-7-9",
              "refsource": "CONFIRM",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://connect2id.com/blog/nimbus-jose-jwt-7-9"
            },
            {
              "name": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/SECURITY-CHANGELOG.txt",
              "refsource": "CONFIRM",
              "tags": [
                "Release Notes",
                "Third Party Advisory"
              ],
              "url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/SECURITY-CHANGELOG.txt"
            },
            {
              "name": "[hadoop-common-dev] 20191107 [jira] [Created] (HADOOP-16690) Update dependency com.nimbusds:nimbus-jose-jwt due to security vulnerability",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/8768553cda5838f59ee3865cac546e824fa740e82d9dc2a7fc44e80d@%3Ccommon-dev.hadoop.apache.org%3E"
            },
            {
              "name": "[hadoop-common-issues] 20191107 [jira] [Created] (HADOOP-16690) Update dependency com.nimbusds:nimbus-jose-jwt due to security vulnerability",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/e10d43984f39327e443e875adcd4a5049193a7c010e81971908caf41@%3Ccommon-issues.hadoop.apache.org%3E"
            },
            {
              "name": "N/A",
              "refsource": "N/A",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "[avro-dev] 20210415 [jira] [Created] (AVRO-3111) CVE-2019-17195",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/rcac26c2d4df22341fa6ebbfe93ba1eff77d2dcd3f6106a1dc1f9ac98@%3Cdev.avro.apache.org%3E"
            },
            {
              "name": "[avro-dev] 20210416 [jira] [Commented] (AVRO-3111) CVE-2019-17195",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r35f6301a3e6a56259224786dd9c2a935ba27ff6b494d15a3b66efe6a@%3Cdev.avro.apache.org%3E"
            },
            {
              "name": "[druid-commits] 20210506 [GitHub] [druid] jihoonson commented on a change in pull request #11215: Suppressing false positive CVE-2020-7791",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r33dc233634aedb04fa77db3eb79ea12d15ca4da89fa46a1c585ecb0b@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "[druid-commits] 20210506 [GitHub] [druid] maytasm commented on a change in pull request #11215: Suppressing false positive CVE-2020-7791",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r2667286c8ceffaf893b16829b9612d8f7c4ee6b30362c6c1b583e3c2@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "[druid-commits] 20210507 [druid] branch 0.21.1 updated: Suppressing false positive CVE-2020-7791 (#11215) (#11217)",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r5e08837e695efd36be73510ce58ec05785dbcea077819d8acc2d990d@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "N/A",
              "refsource": "N/A",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "tags": [
                "Not Applicable"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-06-07T18:40Z",
      "publishedDate": "2019-10-15T14:15Z"
    }
  }
}

ghsa-f6vf-pq8c-69m4

Vulnerability from github

Published

2019-10-16 18:31

Modified

2022-02-08 22:07

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Improper Check for Unusual or Exceptional Conditions in Connect2id Nimbus JOSE+JWT

Details

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.nimbusds:nimbus-jose-jwt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-17195"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-754",
      "CWE-755"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2019-10-16T15:26:53Z",
    "nvd_published_at": "2019-10-15T14:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.",
  "id": "GHSA-f6vf-pq8c-69m4",
  "modified": "2022-02-08T22:07:38Z",
  "published": "2019-10-16T18:31:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17195"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rcac26c2d4df22341fa6ebbfe93ba1eff77d2dcd3f6106a1dc1f9ac98@%3Cdev.avro.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r5e08837e695efd36be73510ce58ec05785dbcea077819d8acc2d990d@%3Ccommits.druid.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r35f6301a3e6a56259224786dd9c2a935ba27ff6b494d15a3b66efe6a@%3Cdev.avro.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r33dc233634aedb04fa77db3eb79ea12d15ca4da89fa46a1c585ecb0b@%3Ccommits.druid.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r2667286c8ceffaf893b16829b9612d8f7c4ee6b30362c6c1b583e3c2@%3Ccommits.druid.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/e10d43984f39327e443e875adcd4a5049193a7c010e81971908caf41@%3Ccommon-issues.hadoop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/8768553cda5838f59ee3865cac546e824fa740e82d9dc2a7fc44e80d@%3Ccommon-dev.hadoop.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://connect2id.com/blog/nimbus-jose-jwt-7-9"
    },
    {
      "type": "WEB",
      "url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/SECURITY-CHANGELOG.txt"
    },
    {
      "type": "PACKAGE",
      "url": "https://bitbucket.org/connect2id/nimbus-jose-jwt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper Check for Unusual or Exceptional Conditions in Connect2id Nimbus JOSE+JWT"
}

rhsa-2020:1308

Vulnerability from csaf_redhat

Published

2020-04-02 16:33

Modified

2025-08-03 21:32

Summary

Red Hat Security Advisory: Red Hat Virtualization Engine security, bug fix 4.3.9

Notes

Topic

An update is now available for Red Hat Virtualization Engine 4.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

The org.ovirt.engine-root is a core component of oVirt. The following packages have been upgraded to a later upstream version: org.ovirt.engine-root (4.3.8.2), ovirt-engine-dwh (4.3.8), ovirt-engine-metrics (1.3.6.1), ovirt-fast-forward-upgrade (1.0.0), ovirt-imageio-common (1.5.3), ovirt-imageio-proxy (1.5.3), ovirt-web-ui (1.6.0), rhv-log-collector-analyzer (0.2.15), v2v-conversion-host (1.16.0). (BZ#1767333, BZ#1776722, BZ#1779587, BZ#1779631) Security Fix(es): * CVE-2019-17195 * CVE-2019-10086 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * [downstream clone - 4.4.0] Upgrade from 4.3 to 4.4 will fail if there are versioned templates in database (BZ#1688781) * [ovirt-fast-forward-upgrade] Error: ovirt-engine-setup-plugin-ovirt-engine conflicts with ovirt-engine-4.2.5.2-0.1.el7ev.noarch (BZ#1754979) * Users immediately logged out from User portal due to negative UserSessionTimeOutInterval (BZ#1757423) * Fluentd error when stopping metrics services through playbook on 4.3 (BZ#1772506) * [downstream clone - 4.3.8] From VM Portal, users cannot create Operating System Windows VM. (BZ#1773580) * MERGE_STATUS fails with 'Invalid UUID string: mapper' when Direct LUN that already exists is hot-plugged [RHV clone - 4.3.8] (BZ#1779664) * Metric Store reports all hosts in Default cluster regardless of cluster assignment. (BZ#1780234) Enhancement(s): * RFE for offline installation of RHV Metrics Store (BZ#1711873) * [RFE] Compare storage with database for discrepancies (BZ#1739106) * [RFE] RHV+Metrics Store - Support a Flat DNS environment without subdomains (BZ#1782412)

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Low"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat Virtualization Engine 4.3.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The org.ovirt.engine-root is a core component of oVirt.\n\nThe following packages have been upgraded to a later upstream version: org.ovirt.engine-root (4.3.8.2), ovirt-engine-dwh (4.3.8), ovirt-engine-metrics (1.3.6.1), ovirt-fast-forward-upgrade (1.0.0), ovirt-imageio-common (1.5.3), ovirt-imageio-proxy (1.5.3), ovirt-web-ui (1.6.0), rhv-log-collector-analyzer (0.2.15), v2v-conversion-host (1.16.0). (BZ#1767333, BZ#1776722, BZ#1779587, BZ#1779631)\n\nSecurity Fix(es):\n\n* CVE-2019-17195\n* CVE-2019-10086\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* [downstream clone - 4.4.0] Upgrade from 4.3 to 4.4 will fail if there are versioned templates in database (BZ#1688781)\n\n* [ovirt-fast-forward-upgrade] Error: ovirt-engine-setup-plugin-ovirt-engine conflicts with ovirt-engine-4.2.5.2-0.1.el7ev.noarch (BZ#1754979)\n\n* Users immediately logged out from User portal due to negative UserSessionTimeOutInterval (BZ#1757423)\n\n* Fluentd error when stopping metrics services through playbook on 4.3 (BZ#1772506)\n\n* [downstream clone - 4.3.8] From  VM Portal, users cannot create Operating System Windows VM. (BZ#1773580)\n\n* MERGE_STATUS fails with \u0027Invalid UUID string: mapper\u0027 when Direct LUN that already exists is hot-plugged [RHV clone - 4.3.8] (BZ#1779664)\n\n* Metric Store reports all hosts in Default cluster regardless of cluster assignment. (BZ#1780234)\n\nEnhancement(s):\n\n* RFE for offline installation  of RHV Metrics Store (BZ#1711873)\n\n* [RFE] Compare storage with database for discrepancies (BZ#1739106)\n\n* [RFE] RHV+Metrics Store - Support a Flat DNS environment without subdomains (BZ#1782412)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:1308",
        "url": "https://access.redhat.com/errata/RHSA-2020:1308"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#low",
        "url": "https://access.redhat.com/security/updates/classification/#low"
      },
      {
        "category": "external",
        "summary": "1752522",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752522"
      },
      {
        "category": "external",
        "summary": "1764791",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764791"
      },
      {
        "category": "external",
        "summary": "1767483",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1767483"
      },
      {
        "category": "external",
        "summary": "1789737",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789737"
      },
      {
        "category": "external",
        "summary": "1792874",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1792874"
      },
      {
        "category": "external",
        "summary": "1797496",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1797496"
      },
      {
        "category": "external",
        "summary": "1801310",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801310"
      },
      {
        "category": "external",
        "summary": "1808038",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1808038"
      },
      {
        "category": "external",
        "summary": "1808607",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1808607"
      },
      {
        "category": "external",
        "summary": "1809470",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1809470"
      },
      {
        "category": "external",
        "summary": "1810527",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1810527"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_1308.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Virtualization Engine security, bug fix 4.3.9",
    "tracking": {
      "current_release_date": "2025-08-03T21:32:46+00:00",
      "generator": {
        "date": "2025-08-03T21:32:46+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.6"
        }
      },
      "id": "RHSA-2020:1308",
      "initial_release_date": "2020-04-02T16:33:32+00:00",
      "revision_history": [
        {
          "date": "2020-04-02T16:33:32+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-04-02T16:33:32+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-08-03T21:32:46+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "RHV-M 4.3",
                "product": {
                  "name": "RHV-M 4.3",
                  "product_id": "7Server-RHV-S-4.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhev_manager:4.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Tools for RHV Engine",
                "product": {
                  "name": "Tools for RHV Engine",
                  "product_id": "7Server-RHV-4-Tools-7",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Virtualization"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ovirt-engine-extension-aaa-misc-0:1.0.4-1.el7ev.noarch",
                "product": {
                  "name": "ovirt-engine-extension-aaa-misc-0:1.0.4-1.el7ev.noarch",
                  "product_id": "ovirt-engine-extension-aaa-misc-0:1.0.4-1.el7ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-extension-aaa-misc@1.0.4-1.el7ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-fast-forward-upgrade-0:1.0.0-17.el7ev.noarch",
                "product": {
                  "name": "ovirt-fast-forward-upgrade-0:1.0.0-17.el7ev.noarch",
                  "product_id": "ovirt-fast-forward-upgrade-0:1.0.0-17.el7ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-fast-forward-upgrade@1.0.0-17.el7ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhvm-dependencies-0:4.3.2-1.el7ev.noarch",
                "product": {
                  "name": "rhvm-dependencies-0:4.3.2-1.el7ev.noarch",
                  "product_id": "rhvm-dependencies-0:4.3.2-1.el7ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhvm-dependencies@4.3.2-1.el7ev?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-0:4.3.9.3-0.1.el7.noarch",
                "product": {
                  "name": "ovirt-engine-0:4.3.9.3-0.1.el7.noarch",
                  "product_id": "ovirt-engine-0:4.3.9.3-0.1.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine@4.3.9.3-0.1.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-backend-0:4.3.9.3-0.1.el7.noarch",
                "product": {
                  "name": "ovirt-engine-backend-0:4.3.9.3-0.1.el7.noarch",
                  "product_id": "ovirt-engine-backend-0:4.3.9.3-0.1.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-backend@4.3.9.3-0.1.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-dbscripts-0:4.3.9.3-0.1.el7.noarch",
                "product": {
                  "name": "ovirt-engine-dbscripts-0:4.3.9.3-0.1.el7.noarch",
                  "product_id": "ovirt-engine-dbscripts-0:4.3.9.3-0.1.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-dbscripts@4.3.9.3-0.1.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-extensions-api-impl-0:4.3.9.3-0.1.el7.noarch",
                "product": {
                  "name": "ovirt-engine-extensions-api-impl-0:4.3.9.3-0.1.el7.noarch",
                  "product_id": "ovirt-engine-extensions-api-impl-0:4.3.9.3-0.1.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-extensions-api-impl@4.3.9.3-0.1.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-extensions-api-impl-javadoc-0:4.3.9.3-0.1.el7.noarch",
                "product": {
                  "name": "ovirt-engine-extensions-api-impl-javadoc-0:4.3.9.3-0.1.el7.noarch",
                  "product_id": "ovirt-engine-extensions-api-impl-javadoc-0:4.3.9.3-0.1.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-extensions-api-impl-javadoc@4.3.9.3-0.1.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-health-check-bundler-0:4.3.9.3-0.1.el7.noarch",
                "product": {
                  "name": "ovirt-engine-health-check-bundler-0:4.3.9.3-0.1.el7.noarch",
                  "product_id": "ovirt-engine-health-check-bundler-0:4.3.9.3-0.1.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-health-check-bundler@4.3.9.3-0.1.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-restapi-0:4.3.9.3-0.1.el7.noarch",
                "product": {
                  "name": "ovirt-engine-restapi-0:4.3.9.3-0.1.el7.noarch",
                  "product_id": "ovirt-engine-restapi-0:4.3.9.3-0.1.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-restapi@4.3.9.3-0.1.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-0:4.3.9.3-0.1.el7.noarch",
                "product": {
                  "name": "ovirt-engine-setup-0:4.3.9.3-0.1.el7.noarch",
                  "product_id": "ovirt-engine-setup-0:4.3.9.3-0.1.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup@4.3.9.3-0.1.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-base-0:4.3.9.3-0.1.el7.noarch",
                "product": {
                  "name": "ovirt-engine-setup-base-0:4.3.9.3-0.1.el7.noarch",
                  "product_id": "ovirt-engine-setup-base-0:4.3.9.3-0.1.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-base@4.3.9.3-0.1.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-cinderlib-0:4.3.9.3-0.1.el7.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-cinderlib-0:4.3.9.3-0.1.el7.noarch",
                  "product_id": "ovirt-engine-setup-plugin-cinderlib-0:4.3.9.3-0.1.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-cinderlib@4.3.9.3-0.1.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.3.9.3-0.1.el7.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.3.9.3-0.1.el7.noarch",
                  "product_id": "ovirt-engine-setup-plugin-ovirt-engine-0:4.3.9.3-0.1.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine@4.3.9.3-0.1.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.3.9.3-0.1.el7.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.3.9.3-0.1.el7.noarch",
                  "product_id": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.3.9.3-0.1.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine-common@4.3.9.3-0.1.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.3.9.3-0.1.el7.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.3.9.3-0.1.el7.noarch",
                  "product_id": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.3.9.3-0.1.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-vmconsole-proxy-helper@4.3.9.3-0.1.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.3.9.3-0.1.el7.noarch",
                "product": {
                  "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.3.9.3-0.1.el7.noarch",
                  "product_id": "ovirt-engine-setup-plugin-websocket-proxy-0:4.3.9.3-0.1.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-websocket-proxy@4.3.9.3-0.1.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-tools-0:4.3.9.3-0.1.el7.noarch",
                "product": {
                  "name": "ovirt-engine-tools-0:4.3.9.3-0.1.el7.noarch",
                  "product_id": "ovirt-engine-tools-0:4.3.9.3-0.1.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-tools@4.3.9.3-0.1.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-tools-backup-0:4.3.9.3-0.1.el7.noarch",
                "product": {
                  "name": "ovirt-engine-tools-backup-0:4.3.9.3-0.1.el7.noarch",
                  "product_id": "ovirt-engine-tools-backup-0:4.3.9.3-0.1.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-tools-backup@4.3.9.3-0.1.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-vmconsole-proxy-helper-0:4.3.9.3-0.1.el7.noarch",
                "product": {
                  "name": "ovirt-engine-vmconsole-proxy-helper-0:4.3.9.3-0.1.el7.noarch",
                  "product_id": "ovirt-engine-vmconsole-proxy-helper-0:4.3.9.3-0.1.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-vmconsole-proxy-helper@4.3.9.3-0.1.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-webadmin-portal-0:4.3.9.3-0.1.el7.noarch",
                "product": {
                  "name": "ovirt-engine-webadmin-portal-0:4.3.9.3-0.1.el7.noarch",
                  "product_id": "ovirt-engine-webadmin-portal-0:4.3.9.3-0.1.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-webadmin-portal@4.3.9.3-0.1.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-websocket-proxy-0:4.3.9.3-0.1.el7.noarch",
                "product": {
                  "name": "ovirt-engine-websocket-proxy-0:4.3.9.3-0.1.el7.noarch",
                  "product_id": "ovirt-engine-websocket-proxy-0:4.3.9.3-0.1.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-websocket-proxy@4.3.9.3-0.1.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python2-ovirt-engine-lib-0:4.3.9.3-0.1.el7.noarch",
                "product": {
                  "name": "python2-ovirt-engine-lib-0:4.3.9.3-0.1.el7.noarch",
                  "product_id": "python2-ovirt-engine-lib-0:4.3.9.3-0.1.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python2-ovirt-engine-lib@4.3.9.3-0.1.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhvm-0:4.3.9.3-0.1.el7.noarch",
                "product": {
                  "name": "rhvm-0:4.3.9.3-0.1.el7.noarch",
                  "product_id": "rhvm-0:4.3.9.3-0.1.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhvm@4.3.9.3-0.1.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "apache-commons-beanutils-0:1.8.3-15.el7_7.noarch",
                "product": {
                  "name": "apache-commons-beanutils-0:1.8.3-15.el7_7.noarch",
                  "product_id": "apache-commons-beanutils-0:1.8.3-15.el7_7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/apache-commons-beanutils@1.8.3-15.el7_7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch",
                "product": {
                  "name": "apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch",
                  "product_id": "apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/apache-commons-beanutils-javadoc@1.8.3-15.el7_7?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ovirt-engine-extension-aaa-misc-0:1.0.4-1.el7ev.src",
                "product": {
                  "name": "ovirt-engine-extension-aaa-misc-0:1.0.4-1.el7ev.src",
                  "product_id": "ovirt-engine-extension-aaa-misc-0:1.0.4-1.el7ev.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine-extension-aaa-misc@1.0.4-1.el7ev?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-fast-forward-upgrade-0:1.0.0-17.el7ev.src",
                "product": {
                  "name": "ovirt-fast-forward-upgrade-0:1.0.0-17.el7ev.src",
                  "product_id": "ovirt-fast-forward-upgrade-0:1.0.0-17.el7ev.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-fast-forward-upgrade@1.0.0-17.el7ev?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhvm-dependencies-0:4.3.2-1.el7ev.src",
                "product": {
                  "name": "rhvm-dependencies-0:4.3.2-1.el7ev.src",
                  "product_id": "rhvm-dependencies-0:4.3.2-1.el7ev.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhvm-dependencies@4.3.2-1.el7ev?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ovirt-engine-0:4.3.9.3-0.1.el7.src",
                "product": {
                  "name": "ovirt-engine-0:4.3.9.3-0.1.el7.src",
                  "product_id": "ovirt-engine-0:4.3.9.3-0.1.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ovirt-engine@4.3.9.3-0.1.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "apache-commons-beanutils-0:1.8.3-15.el7_7.src",
                "product": {
                  "name": "apache-commons-beanutils-0:1.8.3-15.el7_7.src",
                  "product_id": "apache-commons-beanutils-0:1.8.3-15.el7_7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/apache-commons-beanutils@1.8.3-15.el7_7?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache-commons-beanutils-0:1.8.3-15.el7_7.noarch as a component of Tools for RHV Engine",
          "product_id": "7Server-RHV-4-Tools-7:apache-commons-beanutils-0:1.8.3-15.el7_7.noarch"
        },
        "product_reference": "apache-commons-beanutils-0:1.8.3-15.el7_7.noarch",
        "relates_to_product_reference": "7Server-RHV-4-Tools-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache-commons-beanutils-0:1.8.3-15.el7_7.src as a component of Tools for RHV Engine",
          "product_id": "7Server-RHV-4-Tools-7:apache-commons-beanutils-0:1.8.3-15.el7_7.src"
        },
        "product_reference": "apache-commons-beanutils-0:1.8.3-15.el7_7.src",
        "relates_to_product_reference": "7Server-RHV-4-Tools-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch as a component of Tools for RHV Engine",
          "product_id": "7Server-RHV-4-Tools-7:apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch"
        },
        "product_reference": "apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch",
        "relates_to_product_reference": "7Server-RHV-4-Tools-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-0:4.3.9.3-0.1.el7.noarch as a component of RHV-M 4.3",
          "product_id": "7Server-RHV-S-4.3:ovirt-engine-0:4.3.9.3-0.1.el7.noarch"
        },
        "product_reference": "ovirt-engine-0:4.3.9.3-0.1.el7.noarch",
        "relates_to_product_reference": "7Server-RHV-S-4.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-0:4.3.9.3-0.1.el7.src as a component of RHV-M 4.3",
          "product_id": "7Server-RHV-S-4.3:ovirt-engine-0:4.3.9.3-0.1.el7.src"
        },
        "product_reference": "ovirt-engine-0:4.3.9.3-0.1.el7.src",
        "relates_to_product_reference": "7Server-RHV-S-4.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-backend-0:4.3.9.3-0.1.el7.noarch as a component of RHV-M 4.3",
          "product_id": "7Server-RHV-S-4.3:ovirt-engine-backend-0:4.3.9.3-0.1.el7.noarch"
        },
        "product_reference": "ovirt-engine-backend-0:4.3.9.3-0.1.el7.noarch",
        "relates_to_product_reference": "7Server-RHV-S-4.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-dbscripts-0:4.3.9.3-0.1.el7.noarch as a component of RHV-M 4.3",
          "product_id": "7Server-RHV-S-4.3:ovirt-engine-dbscripts-0:4.3.9.3-0.1.el7.noarch"
        },
        "product_reference": "ovirt-engine-dbscripts-0:4.3.9.3-0.1.el7.noarch",
        "relates_to_product_reference": "7Server-RHV-S-4.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-extension-aaa-misc-0:1.0.4-1.el7ev.noarch as a component of RHV-M 4.3",
          "product_id": "7Server-RHV-S-4.3:ovirt-engine-extension-aaa-misc-0:1.0.4-1.el7ev.noarch"
        },
        "product_reference": "ovirt-engine-extension-aaa-misc-0:1.0.4-1.el7ev.noarch",
        "relates_to_product_reference": "7Server-RHV-S-4.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-extension-aaa-misc-0:1.0.4-1.el7ev.src as a component of RHV-M 4.3",
          "product_id": "7Server-RHV-S-4.3:ovirt-engine-extension-aaa-misc-0:1.0.4-1.el7ev.src"
        },
        "product_reference": "ovirt-engine-extension-aaa-misc-0:1.0.4-1.el7ev.src",
        "relates_to_product_reference": "7Server-RHV-S-4.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-extensions-api-impl-0:4.3.9.3-0.1.el7.noarch as a component of RHV-M 4.3",
          "product_id": "7Server-RHV-S-4.3:ovirt-engine-extensions-api-impl-0:4.3.9.3-0.1.el7.noarch"
        },
        "product_reference": "ovirt-engine-extensions-api-impl-0:4.3.9.3-0.1.el7.noarch",
        "relates_to_product_reference": "7Server-RHV-S-4.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-extensions-api-impl-javadoc-0:4.3.9.3-0.1.el7.noarch as a component of RHV-M 4.3",
          "product_id": "7Server-RHV-S-4.3:ovirt-engine-extensions-api-impl-javadoc-0:4.3.9.3-0.1.el7.noarch"
        },
        "product_reference": "ovirt-engine-extensions-api-impl-javadoc-0:4.3.9.3-0.1.el7.noarch",
        "relates_to_product_reference": "7Server-RHV-S-4.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-health-check-bundler-0:4.3.9.3-0.1.el7.noarch as a component of RHV-M 4.3",
          "product_id": "7Server-RHV-S-4.3:ovirt-engine-health-check-bundler-0:4.3.9.3-0.1.el7.noarch"
        },
        "product_reference": "ovirt-engine-health-check-bundler-0:4.3.9.3-0.1.el7.noarch",
        "relates_to_product_reference": "7Server-RHV-S-4.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-restapi-0:4.3.9.3-0.1.el7.noarch as a component of RHV-M 4.3",
          "product_id": "7Server-RHV-S-4.3:ovirt-engine-restapi-0:4.3.9.3-0.1.el7.noarch"
        },
        "product_reference": "ovirt-engine-restapi-0:4.3.9.3-0.1.el7.noarch",
        "relates_to_product_reference": "7Server-RHV-S-4.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-0:4.3.9.3-0.1.el7.noarch as a component of RHV-M 4.3",
          "product_id": "7Server-RHV-S-4.3:ovirt-engine-setup-0:4.3.9.3-0.1.el7.noarch"
        },
        "product_reference": "ovirt-engine-setup-0:4.3.9.3-0.1.el7.noarch",
        "relates_to_product_reference": "7Server-RHV-S-4.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-base-0:4.3.9.3-0.1.el7.noarch as a component of RHV-M 4.3",
          "product_id": "7Server-RHV-S-4.3:ovirt-engine-setup-base-0:4.3.9.3-0.1.el7.noarch"
        },
        "product_reference": "ovirt-engine-setup-base-0:4.3.9.3-0.1.el7.noarch",
        "relates_to_product_reference": "7Server-RHV-S-4.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-cinderlib-0:4.3.9.3-0.1.el7.noarch as a component of RHV-M 4.3",
          "product_id": "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-cinderlib-0:4.3.9.3-0.1.el7.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-cinderlib-0:4.3.9.3-0.1.el7.noarch",
        "relates_to_product_reference": "7Server-RHV-S-4.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.3.9.3-0.1.el7.noarch as a component of RHV-M 4.3",
          "product_id": "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-ovirt-engine-0:4.3.9.3-0.1.el7.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-ovirt-engine-0:4.3.9.3-0.1.el7.noarch",
        "relates_to_product_reference": "7Server-RHV-S-4.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.3.9.3-0.1.el7.noarch as a component of RHV-M 4.3",
          "product_id": "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.3.9.3-0.1.el7.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.3.9.3-0.1.el7.noarch",
        "relates_to_product_reference": "7Server-RHV-S-4.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.3.9.3-0.1.el7.noarch as a component of RHV-M 4.3",
          "product_id": "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.3.9.3-0.1.el7.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.3.9.3-0.1.el7.noarch",
        "relates_to_product_reference": "7Server-RHV-S-4.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.3.9.3-0.1.el7.noarch as a component of RHV-M 4.3",
          "product_id": "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-websocket-proxy-0:4.3.9.3-0.1.el7.noarch"
        },
        "product_reference": "ovirt-engine-setup-plugin-websocket-proxy-0:4.3.9.3-0.1.el7.noarch",
        "relates_to_product_reference": "7Server-RHV-S-4.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-tools-0:4.3.9.3-0.1.el7.noarch as a component of RHV-M 4.3",
          "product_id": "7Server-RHV-S-4.3:ovirt-engine-tools-0:4.3.9.3-0.1.el7.noarch"
        },
        "product_reference": "ovirt-engine-tools-0:4.3.9.3-0.1.el7.noarch",
        "relates_to_product_reference": "7Server-RHV-S-4.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-tools-backup-0:4.3.9.3-0.1.el7.noarch as a component of RHV-M 4.3",
          "product_id": "7Server-RHV-S-4.3:ovirt-engine-tools-backup-0:4.3.9.3-0.1.el7.noarch"
        },
        "product_reference": "ovirt-engine-tools-backup-0:4.3.9.3-0.1.el7.noarch",
        "relates_to_product_reference": "7Server-RHV-S-4.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-vmconsole-proxy-helper-0:4.3.9.3-0.1.el7.noarch as a component of RHV-M 4.3",
          "product_id": "7Server-RHV-S-4.3:ovirt-engine-vmconsole-proxy-helper-0:4.3.9.3-0.1.el7.noarch"
        },
        "product_reference": "ovirt-engine-vmconsole-proxy-helper-0:4.3.9.3-0.1.el7.noarch",
        "relates_to_product_reference": "7Server-RHV-S-4.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-webadmin-portal-0:4.3.9.3-0.1.el7.noarch as a component of RHV-M 4.3",
          "product_id": "7Server-RHV-S-4.3:ovirt-engine-webadmin-portal-0:4.3.9.3-0.1.el7.noarch"
        },
        "product_reference": "ovirt-engine-webadmin-portal-0:4.3.9.3-0.1.el7.noarch",
        "relates_to_product_reference": "7Server-RHV-S-4.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-engine-websocket-proxy-0:4.3.9.3-0.1.el7.noarch as a component of RHV-M 4.3",
          "product_id": "7Server-RHV-S-4.3:ovirt-engine-websocket-proxy-0:4.3.9.3-0.1.el7.noarch"
        },
        "product_reference": "ovirt-engine-websocket-proxy-0:4.3.9.3-0.1.el7.noarch",
        "relates_to_product_reference": "7Server-RHV-S-4.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-fast-forward-upgrade-0:1.0.0-17.el7ev.noarch as a component of RHV-M 4.3",
          "product_id": "7Server-RHV-S-4.3:ovirt-fast-forward-upgrade-0:1.0.0-17.el7ev.noarch"
        },
        "product_reference": "ovirt-fast-forward-upgrade-0:1.0.0-17.el7ev.noarch",
        "relates_to_product_reference": "7Server-RHV-S-4.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ovirt-fast-forward-upgrade-0:1.0.0-17.el7ev.src as a component of RHV-M 4.3",
          "product_id": "7Server-RHV-S-4.3:ovirt-fast-forward-upgrade-0:1.0.0-17.el7ev.src"
        },
        "product_reference": "ovirt-fast-forward-upgrade-0:1.0.0-17.el7ev.src",
        "relates_to_product_reference": "7Server-RHV-S-4.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python2-ovirt-engine-lib-0:4.3.9.3-0.1.el7.noarch as a component of RHV-M 4.3",
          "product_id": "7Server-RHV-S-4.3:python2-ovirt-engine-lib-0:4.3.9.3-0.1.el7.noarch"
        },
        "product_reference": "python2-ovirt-engine-lib-0:4.3.9.3-0.1.el7.noarch",
        "relates_to_product_reference": "7Server-RHV-S-4.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhvm-0:4.3.9.3-0.1.el7.noarch as a component of RHV-M 4.3",
          "product_id": "7Server-RHV-S-4.3:rhvm-0:4.3.9.3-0.1.el7.noarch"
        },
        "product_reference": "rhvm-0:4.3.9.3-0.1.el7.noarch",
        "relates_to_product_reference": "7Server-RHV-S-4.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhvm-dependencies-0:4.3.2-1.el7ev.noarch as a component of RHV-M 4.3",
          "product_id": "7Server-RHV-S-4.3:rhvm-dependencies-0:4.3.2-1.el7ev.noarch"
        },
        "product_reference": "rhvm-dependencies-0:4.3.2-1.el7ev.noarch",
        "relates_to_product_reference": "7Server-RHV-S-4.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhvm-dependencies-0:4.3.2-1.el7ev.src as a component of RHV-M 4.3",
          "product_id": "7Server-RHV-S-4.3:rhvm-dependencies-0:4.3.2-1.el7ev.src"
        },
        "product_reference": "rhvm-dependencies-0:4.3.2-1.el7ev.src",
        "relates_to_product_reference": "7Server-RHV-S-4.3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-10086",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2019-10-31T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RHV-S-4.3:ovirt-engine-extension-aaa-misc-0:1.0.4-1.el7ev.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-extension-aaa-misc-0:1.0.4-1.el7ev.src",
            "7Server-RHV-S-4.3:ovirt-fast-forward-upgrade-0:1.0.0-17.el7ev.noarch",
            "7Server-RHV-S-4.3:ovirt-fast-forward-upgrade-0:1.0.0-17.el7ev.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1767483"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RHV-4-Tools-7:apache-commons-beanutils-0:1.8.3-15.el7_7.noarch",
          "7Server-RHV-4-Tools-7:apache-commons-beanutils-0:1.8.3-15.el7_7.src",
          "7Server-RHV-4-Tools-7:apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch",
          "7Server-RHV-S-4.3:ovirt-engine-0:4.3.9.3-0.1.el7.noarch",
          "7Server-RHV-S-4.3:ovirt-engine-0:4.3.9.3-0.1.el7.src",
          "7Server-RHV-S-4.3:ovirt-engine-backend-0:4.3.9.3-0.1.el7.noarch",
          "7Server-RHV-S-4.3:ovirt-engine-dbscripts-0:4.3.9.3-0.1.el7.noarch",
          "7Server-RHV-S-4.3:ovirt-engine-extensions-api-impl-0:4.3.9.3-0.1.el7.noarch",
          "7Server-RHV-S-4.3:ovirt-engine-extensions-api-impl-javadoc-0:4.3.9.3-0.1.el7.noarch",
          "7Server-RHV-S-4.3:ovirt-engine-health-check-bundler-0:4.3.9.3-0.1.el7.noarch",
          "7Server-RHV-S-4.3:ovirt-engine-restapi-0:4.3.9.3-0.1.el7.noarch",
          "7Server-RHV-S-4.3:ovirt-engine-setup-0:4.3.9.3-0.1.el7.noarch",
          "7Server-RHV-S-4.3:ovirt-engine-setup-base-0:4.3.9.3-0.1.el7.noarch",
          "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-cinderlib-0:4.3.9.3-0.1.el7.noarch",
          "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-ovirt-engine-0:4.3.9.3-0.1.el7.noarch",
          "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.3.9.3-0.1.el7.noarch",
          "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.3.9.3-0.1.el7.noarch",
          "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-websocket-proxy-0:4.3.9.3-0.1.el7.noarch",
          "7Server-RHV-S-4.3:ovirt-engine-tools-0:4.3.9.3-0.1.el7.noarch",
          "7Server-RHV-S-4.3:ovirt-engine-tools-backup-0:4.3.9.3-0.1.el7.noarch",
          "7Server-RHV-S-4.3:ovirt-engine-vmconsole-proxy-helper-0:4.3.9.3-0.1.el7.noarch",
          "7Server-RHV-S-4.3:ovirt-engine-webadmin-portal-0:4.3.9.3-0.1.el7.noarch",
          "7Server-RHV-S-4.3:ovirt-engine-websocket-proxy-0:4.3.9.3-0.1.el7.noarch",
          "7Server-RHV-S-4.3:python2-ovirt-engine-lib-0:4.3.9.3-0.1.el7.noarch",
          "7Server-RHV-S-4.3:rhvm-0:4.3.9.3-0.1.el7.noarch",
          "7Server-RHV-S-4.3:rhvm-dependencies-0:4.3.2-1.el7ev.noarch",
          "7Server-RHV-S-4.3:rhvm-dependencies-0:4.3.2-1.el7ev.src"
        ],
        "known_not_affected": [
          "7Server-RHV-S-4.3:ovirt-engine-extension-aaa-misc-0:1.0.4-1.el7ev.noarch",
          "7Server-RHV-S-4.3:ovirt-engine-extension-aaa-misc-0:1.0.4-1.el7ev.src",
          "7Server-RHV-S-4.3:ovirt-fast-forward-upgrade-0:1.0.0-17.el7ev.noarch",
          "7Server-RHV-S-4.3:ovirt-fast-forward-upgrade-0:1.0.0-17.el7ev.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-10086"
        },
        {
          "category": "external",
          "summary": "RHBZ#1767483",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1767483"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-10086",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-10086"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10086",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10086"
        },
        {
          "category": "external",
          "summary": "https://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.4/RELEASE-NOTES.txt",
          "url": "https://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.4/RELEASE-NOTES.txt"
        }
      ],
      "release_date": "2019-08-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-04-02T16:33:32+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
          "product_ids": [
            "7Server-RHV-4-Tools-7:apache-commons-beanutils-0:1.8.3-15.el7_7.noarch",
            "7Server-RHV-4-Tools-7:apache-commons-beanutils-0:1.8.3-15.el7_7.src",
            "7Server-RHV-4-Tools-7:apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-0:4.3.9.3-0.1.el7.src",
            "7Server-RHV-S-4.3:ovirt-engine-backend-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-dbscripts-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-extensions-api-impl-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-extensions-api-impl-javadoc-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-health-check-bundler-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-restapi-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-setup-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-setup-base-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-cinderlib-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-ovirt-engine-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-websocket-proxy-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-tools-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-tools-backup-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-vmconsole-proxy-helper-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-webadmin-portal-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-websocket-proxy-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:python2-ovirt-engine-lib-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:rhvm-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:rhvm-dependencies-0:4.3.2-1.el7ev.noarch",
            "7Server-RHV-S-4.3:rhvm-dependencies-0:4.3.2-1.el7ev.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:1308"
        },
        {
          "category": "workaround",
          "details": "There is no currently known mitigation for this flaw.",
          "product_ids": [
            "7Server-RHV-4-Tools-7:apache-commons-beanutils-0:1.8.3-15.el7_7.noarch",
            "7Server-RHV-4-Tools-7:apache-commons-beanutils-0:1.8.3-15.el7_7.src",
            "7Server-RHV-4-Tools-7:apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-0:4.3.9.3-0.1.el7.src",
            "7Server-RHV-S-4.3:ovirt-engine-backend-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-dbscripts-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-extension-aaa-misc-0:1.0.4-1.el7ev.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-extension-aaa-misc-0:1.0.4-1.el7ev.src",
            "7Server-RHV-S-4.3:ovirt-engine-extensions-api-impl-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-extensions-api-impl-javadoc-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-health-check-bundler-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-restapi-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-setup-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-setup-base-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-cinderlib-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-ovirt-engine-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-websocket-proxy-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-tools-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-tools-backup-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-vmconsole-proxy-helper-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-webadmin-portal-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-websocket-proxy-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-fast-forward-upgrade-0:1.0.0-17.el7ev.noarch",
            "7Server-RHV-S-4.3:ovirt-fast-forward-upgrade-0:1.0.0-17.el7ev.src",
            "7Server-RHV-S-4.3:python2-ovirt-engine-lib-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:rhvm-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:rhvm-dependencies-0:4.3.2-1.el7ev.noarch",
            "7Server-RHV-S-4.3:rhvm-dependencies-0:4.3.2-1.el7ev.src"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "7Server-RHV-4-Tools-7:apache-commons-beanutils-0:1.8.3-15.el7_7.noarch",
            "7Server-RHV-4-Tools-7:apache-commons-beanutils-0:1.8.3-15.el7_7.src",
            "7Server-RHV-4-Tools-7:apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-0:4.3.9.3-0.1.el7.src",
            "7Server-RHV-S-4.3:ovirt-engine-backend-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-dbscripts-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-extension-aaa-misc-0:1.0.4-1.el7ev.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-extension-aaa-misc-0:1.0.4-1.el7ev.src",
            "7Server-RHV-S-4.3:ovirt-engine-extensions-api-impl-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-extensions-api-impl-javadoc-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-health-check-bundler-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-restapi-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-setup-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-setup-base-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-cinderlib-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-ovirt-engine-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-websocket-proxy-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-tools-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-tools-backup-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-vmconsole-proxy-helper-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-webadmin-portal-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-websocket-proxy-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-fast-forward-upgrade-0:1.0.0-17.el7ev.noarch",
            "7Server-RHV-S-4.3:ovirt-fast-forward-upgrade-0:1.0.0-17.el7ev.src",
            "7Server-RHV-S-4.3:python2-ovirt-engine-lib-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:rhvm-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:rhvm-dependencies-0:4.3.2-1.el7ev.noarch",
            "7Server-RHV-S-4.3:rhvm-dependencies-0:4.3.2-1.el7ev.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default"
    },
    {
      "cve": "CVE-2019-17195",
      "cwe": {
        "id": "CWE-248",
        "name": "Uncaught Exception"
      },
      "discovery_date": "2019-10-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1764791"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Connect2id Nimbus JOSE+JWT prior to version 7.9. While processing JSON web tokens (JWT), nimbus-jose-jwt can throw various uncaught exceptions resulting in an application crash, information disclosure, or authentication bypass. The highest threat from this vulnerability is to data confidentiality and system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nimbus-jose-jwt: Uncaught exceptions while parsing a JWT",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In Red Hat Virtualization 4.2, nimbus-jose-jwt was bundled in the rhvm-dependencies package. In Red Hat Virtualization 4.3, nimbus-jose-jwt was made available as a separate package and no longer bundled in rhvm-dependencies. Thus, rhvm-dependencies only contained this vulnerability in the 4.2 EUS stream, the 4.3 version of rhvm-dependencies is not affected.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RHV-4-Tools-7:apache-commons-beanutils-0:1.8.3-15.el7_7.noarch",
          "7Server-RHV-4-Tools-7:apache-commons-beanutils-0:1.8.3-15.el7_7.src",
          "7Server-RHV-4-Tools-7:apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch",
          "7Server-RHV-S-4.3:ovirt-engine-0:4.3.9.3-0.1.el7.noarch",
          "7Server-RHV-S-4.3:ovirt-engine-0:4.3.9.3-0.1.el7.src",
          "7Server-RHV-S-4.3:ovirt-engine-backend-0:4.3.9.3-0.1.el7.noarch",
          "7Server-RHV-S-4.3:ovirt-engine-dbscripts-0:4.3.9.3-0.1.el7.noarch",
          "7Server-RHV-S-4.3:ovirt-engine-extension-aaa-misc-0:1.0.4-1.el7ev.noarch",
          "7Server-RHV-S-4.3:ovirt-engine-extension-aaa-misc-0:1.0.4-1.el7ev.src",
          "7Server-RHV-S-4.3:ovirt-engine-extensions-api-impl-0:4.3.9.3-0.1.el7.noarch",
          "7Server-RHV-S-4.3:ovirt-engine-extensions-api-impl-javadoc-0:4.3.9.3-0.1.el7.noarch",
          "7Server-RHV-S-4.3:ovirt-engine-health-check-bundler-0:4.3.9.3-0.1.el7.noarch",
          "7Server-RHV-S-4.3:ovirt-engine-restapi-0:4.3.9.3-0.1.el7.noarch",
          "7Server-RHV-S-4.3:ovirt-engine-setup-0:4.3.9.3-0.1.el7.noarch",
          "7Server-RHV-S-4.3:ovirt-engine-setup-base-0:4.3.9.3-0.1.el7.noarch",
          "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-cinderlib-0:4.3.9.3-0.1.el7.noarch",
          "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-ovirt-engine-0:4.3.9.3-0.1.el7.noarch",
          "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.3.9.3-0.1.el7.noarch",
          "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.3.9.3-0.1.el7.noarch",
          "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-websocket-proxy-0:4.3.9.3-0.1.el7.noarch",
          "7Server-RHV-S-4.3:ovirt-engine-tools-0:4.3.9.3-0.1.el7.noarch",
          "7Server-RHV-S-4.3:ovirt-engine-tools-backup-0:4.3.9.3-0.1.el7.noarch",
          "7Server-RHV-S-4.3:ovirt-engine-vmconsole-proxy-helper-0:4.3.9.3-0.1.el7.noarch",
          "7Server-RHV-S-4.3:ovirt-engine-webadmin-portal-0:4.3.9.3-0.1.el7.noarch",
          "7Server-RHV-S-4.3:ovirt-engine-websocket-proxy-0:4.3.9.3-0.1.el7.noarch",
          "7Server-RHV-S-4.3:ovirt-fast-forward-upgrade-0:1.0.0-17.el7ev.noarch",
          "7Server-RHV-S-4.3:ovirt-fast-forward-upgrade-0:1.0.0-17.el7ev.src",
          "7Server-RHV-S-4.3:python2-ovirt-engine-lib-0:4.3.9.3-0.1.el7.noarch",
          "7Server-RHV-S-4.3:rhvm-0:4.3.9.3-0.1.el7.noarch",
          "7Server-RHV-S-4.3:rhvm-dependencies-0:4.3.2-1.el7ev.noarch",
          "7Server-RHV-S-4.3:rhvm-dependencies-0:4.3.2-1.el7ev.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-17195"
        },
        {
          "category": "external",
          "summary": "RHBZ#1764791",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764791"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-17195",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-17195"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17195",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17195"
        }
      ],
      "release_date": "2019-10-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-04-02T16:33:32+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
          "product_ids": [
            "7Server-RHV-4-Tools-7:apache-commons-beanutils-0:1.8.3-15.el7_7.noarch",
            "7Server-RHV-4-Tools-7:apache-commons-beanutils-0:1.8.3-15.el7_7.src",
            "7Server-RHV-4-Tools-7:apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-0:4.3.9.3-0.1.el7.src",
            "7Server-RHV-S-4.3:ovirt-engine-backend-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-dbscripts-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-extension-aaa-misc-0:1.0.4-1.el7ev.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-extension-aaa-misc-0:1.0.4-1.el7ev.src",
            "7Server-RHV-S-4.3:ovirt-engine-extensions-api-impl-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-extensions-api-impl-javadoc-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-health-check-bundler-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-restapi-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-setup-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-setup-base-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-cinderlib-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-ovirt-engine-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-websocket-proxy-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-tools-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-tools-backup-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-vmconsole-proxy-helper-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-webadmin-portal-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-websocket-proxy-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-fast-forward-upgrade-0:1.0.0-17.el7ev.noarch",
            "7Server-RHV-S-4.3:ovirt-fast-forward-upgrade-0:1.0.0-17.el7ev.src",
            "7Server-RHV-S-4.3:python2-ovirt-engine-lib-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:rhvm-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:rhvm-dependencies-0:4.3.2-1.el7ev.noarch",
            "7Server-RHV-S-4.3:rhvm-dependencies-0:4.3.2-1.el7ev.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:1308"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "7Server-RHV-4-Tools-7:apache-commons-beanutils-0:1.8.3-15.el7_7.noarch",
            "7Server-RHV-4-Tools-7:apache-commons-beanutils-0:1.8.3-15.el7_7.src",
            "7Server-RHV-4-Tools-7:apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-0:4.3.9.3-0.1.el7.src",
            "7Server-RHV-S-4.3:ovirt-engine-backend-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-dbscripts-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-extension-aaa-misc-0:1.0.4-1.el7ev.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-extension-aaa-misc-0:1.0.4-1.el7ev.src",
            "7Server-RHV-S-4.3:ovirt-engine-extensions-api-impl-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-extensions-api-impl-javadoc-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-health-check-bundler-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-restapi-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-setup-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-setup-base-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-cinderlib-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-ovirt-engine-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-setup-plugin-websocket-proxy-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-tools-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-tools-backup-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-vmconsole-proxy-helper-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-webadmin-portal-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-engine-websocket-proxy-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:ovirt-fast-forward-upgrade-0:1.0.0-17.el7ev.noarch",
            "7Server-RHV-S-4.3:ovirt-fast-forward-upgrade-0:1.0.0-17.el7ev.src",
            "7Server-RHV-S-4.3:python2-ovirt-engine-lib-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:rhvm-0:4.3.9.3-0.1.el7.noarch",
            "7Server-RHV-S-4.3:rhvm-dependencies-0:4.3.2-1.el7ev.noarch",
            "7Server-RHV-S-4.3:rhvm-dependencies-0:4.3.2-1.el7ev.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nimbus-jose-jwt: Uncaught exceptions while parsing a JWT"
    }
  ]
}

wid-sec-w-2022-0770

Vulnerability from csaf_certbund

Published

2020-04-23 22:00

Modified

2024-05-16 22:00

Summary

IBM DB2: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.

Angriff

Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um seine Privilegien zu erhöhen oder einen Denial of Service zu verursachen

Betroffene Betriebssysteme

- Linux - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um seine Privilegien zu erh\u00f6hen oder einen Denial of Service zu verursachen",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-0770 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2022-0770.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-0770 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0770"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6198380 vom 2020-04-23",
        "url": "https://www.ibm.com/support/pages/node/6198380"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:2603 vom 2020-06-17",
        "url": "https://access.redhat.com/errata/RHSA-2020:2603"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:4807 vom 2020-11-04",
        "url": "https://access.redhat.com/errata/RHSA-2020:4807"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:3225 vom 2021-08-20",
        "url": "https://access.redhat.com/errata/RHSA-2021:3225"
      },
      {
        "category": "external",
        "summary": "Hitachi Vulnerability Information HITACHI-SEC-2022-115 vom 2022-05-27",
        "url": "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2022-115/index.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6605881 vom 2022-07-21",
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-identified-in-ibm-db2-shipped-with-ibm-puredata-system-for-operational-analytics/"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2024-070 vom 2024-02-03",
        "url": "https://www.dell.com/support/kbdoc/000221770/dsa-2024-="
      },
      {
        "category": "external",
        "summary": "Hitachi Vulnerability Information HITACHI-SEC-2023-144 vom 2023-10-03",
        "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-144/index.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7153639 vom 2024-05-17",
        "url": "https://www.ibm.com/support/pages/node/7153639"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM DB2: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-05-16T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:32:05.856+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2022-0770",
      "initial_release_date": "2020-04-23T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2020-04-23T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2020-06-17T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2020-11-03T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-08-19T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-05-26T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von HITACHI aufgenommen"
        },
        {
          "date": "2022-07-20T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-10-03T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von HITACHI aufgenommen"
        },
        {
          "date": "2024-02-04T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2024-05-16T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von IBM aufgenommen"
        }
      ],
      "status": "final",
      "version": "9"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "EMC Avamar",
            "product": {
              "name": "EMC Avamar",
              "product_id": "T014381",
              "product_identification_helper": {
                "cpe": "cpe:/a:emc:avamar:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "EMC"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Hitachi Ops Center",
                "product": {
                  "name": "Hitachi Ops Center",
                  "product_id": "T017562",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:hitachi:ops_center:-"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cAnalyzer 10.9.3-00",
                "product": {
                  "name": "Hitachi Ops Center \u003cAnalyzer 10.9.3-00",
                  "product_id": "T030196"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cViewpoint 10.9.3-00",
                "product": {
                  "name": "Hitachi Ops Center \u003cViewpoint 10.9.3-00",
                  "product_id": "T030197"
                }
              }
            ],
            "category": "product_name",
            "name": "Ops Center"
          }
        ],
        "category": "vendor",
        "name": "Hitachi"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "11.1",
                "product": {
                  "name": "IBM DB2 11.1",
                  "product_id": "342000",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:db2:11.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "11.5",
                "product": {
                  "name": "IBM DB2 11.5",
                  "product_id": "695419",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:db2:11.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "DB2"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2009-0001",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2009-0001"
    },
    {
      "cve": "CVE-2014-0114",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2014-0114"
    },
    {
      "cve": "CVE-2014-0193",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2014-0193"
    },
    {
      "cve": "CVE-2014-3488",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2014-3488"
    },
    {
      "cve": "CVE-2015-2156",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2015-2156"
    },
    {
      "cve": "CVE-2016-2402",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2016-2402"
    },
    {
      "cve": "CVE-2017-12972",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2017-12972"
    },
    {
      "cve": "CVE-2017-12973",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2017-12973"
    },
    {
      "cve": "CVE-2017-12974",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2017-12974"
    },
    {
      "cve": "CVE-2017-18640",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2017-18640"
    },
    {
      "cve": "CVE-2017-3734",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2017-3734"
    },
    {
      "cve": "CVE-2017-5637",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2017-5637"
    },
    {
      "cve": "CVE-2018-10237",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2018-10237"
    },
    {
      "cve": "CVE-2018-11771",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2018-11771"
    },
    {
      "cve": "CVE-2018-8009",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2018-8009"
    },
    {
      "cve": "CVE-2018-8012",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2018-8012"
    },
    {
      "cve": "CVE-2019-0201",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2019-0201"
    },
    {
      "cve": "CVE-2019-10086",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2019-10086"
    },
    {
      "cve": "CVE-2019-10172",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2019-10172"
    },
    {
      "cve": "CVE-2019-10202",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2019-10202"
    },
    {
      "cve": "CVE-2019-12402",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2019-12402"
    },
    {
      "cve": "CVE-2019-16869",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2019-16869"
    },
    {
      "cve": "CVE-2019-17195",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2019-17195"
    },
    {
      "cve": "CVE-2019-17571",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2019-17571"
    },
    {
      "cve": "CVE-2019-9512",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2019-9512"
    },
    {
      "cve": "CVE-2019-9514",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2019-9514"
    },
    {
      "cve": "CVE-2019-9515",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2019-9515"
    },
    {
      "cve": "CVE-2019-9518",
      "notes": [
        {
          "category": "description",
          "text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "342000",
          "67646",
          "695419",
          "T030196",
          "T017562",
          "T030197"
        ]
      },
      "release_date": "2020-04-23T22:00:00.000+00:00",
      "title": "CVE-2019-9518"
    }
  ]
}

fkie_cve-2019-17195

Vulnerability from fkie_nvd

Published

2019-10-15 14:15

Modified

2024-11-21 04:31

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/SECURITY-CHANGELOG.txt	Release Notes, Third Party Advisory
cve@mitre.org	https://connect2id.com/blog/nimbus-jose-jwt-7-9	Release Notes, Vendor Advisory
cve@mitre.org	https://lists.apache.org/thread.html/8768553cda5838f59ee3865cac546e824fa740e82d9dc2a7fc44e80d%40%3Ccommon-dev.hadoop.apache.org%3E
cve@mitre.org	https://lists.apache.org/thread.html/e10d43984f39327e443e875adcd4a5049193a7c010e81971908caf41%40%3Ccommon-issues.hadoop.apache.org%3E
cve@mitre.org	https://lists.apache.org/thread.html/r2667286c8ceffaf893b16829b9612d8f7c4ee6b30362c6c1b583e3c2%40%3Ccommits.druid.apache.org%3E
cve@mitre.org	https://lists.apache.org/thread.html/r33dc233634aedb04fa77db3eb79ea12d15ca4da89fa46a1c585ecb0b%40%3Ccommits.druid.apache.org%3E
cve@mitre.org	https://lists.apache.org/thread.html/r35f6301a3e6a56259224786dd9c2a935ba27ff6b494d15a3b66efe6a%40%3Cdev.avro.apache.org%3E
cve@mitre.org	https://lists.apache.org/thread.html/r5e08837e695efd36be73510ce58ec05785dbcea077819d8acc2d990d%40%3Ccommits.druid.apache.org%3E
cve@mitre.org	https://lists.apache.org/thread.html/rcac26c2d4df22341fa6ebbfe93ba1eff77d2dcd3f6106a1dc1f9ac98%40%3Cdev.avro.apache.org%3E
cve@mitre.org	https://www.oracle.com//security-alerts/cpujul2021.html	Patch, Third Party Advisory
cve@mitre.org	https://www.oracle.com/security-alerts/cpuApr2021.html	Patch, Third Party Advisory
cve@mitre.org	https://www.oracle.com/security-alerts/cpuapr2020.html	Patch, Third Party Advisory
cve@mitre.org	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch, Third Party Advisory
cve@mitre.org	https://www.oracle.com/security-alerts/cpujan2021.html	Patch, Third Party Advisory
cve@mitre.org	https://www.oracle.com/security-alerts/cpujan2022.html	Not Applicable
cve@mitre.org	https://www.oracle.com/security-alerts/cpuoct2021.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/SECURITY-CHANGELOG.txt	Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://connect2id.com/blog/nimbus-jose-jwt-7-9	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/8768553cda5838f59ee3865cac546e824fa740e82d9dc2a7fc44e80d%40%3Ccommon-dev.hadoop.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/e10d43984f39327e443e875adcd4a5049193a7c010e81971908caf41%40%3Ccommon-issues.hadoop.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r2667286c8ceffaf893b16829b9612d8f7c4ee6b30362c6c1b583e3c2%40%3Ccommits.druid.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r33dc233634aedb04fa77db3eb79ea12d15ca4da89fa46a1c585ecb0b%40%3Ccommits.druid.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r35f6301a3e6a56259224786dd9c2a935ba27ff6b494d15a3b66efe6a%40%3Cdev.avro.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r5e08837e695efd36be73510ce58ec05785dbcea077819d8acc2d990d%40%3Ccommits.druid.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rcac26c2d4df22341fa6ebbfe93ba1eff77d2dcd3f6106a1dc1f9ac98%40%3Cdev.avro.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com//security-alerts/cpujul2021.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuApr2021.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuapr2020.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuapr2022.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2021.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2022.html	Not Applicable
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2021.html	Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
connect2id	nimbus_jose\+jwt	*
apache	hadoop	3.2.1
oracle	communications_cloud_native_core_security_edge_protection_proxy	1.7.0
oracle	communications_pricing_design_center	12.0.0.3.0
oracle	data_integrator	12.2.1.4.0
oracle	enterprise_manager_base_platform	13.4.0.0
oracle	healthcare_data_repository	8.1.0
oracle	insurance_policy_administration	*
oracle	jd_edwards_enterpriseone_orchestrator	*
oracle	jd_edwards_enterpriseone_tools	*
oracle	peoplesoft_enterprise_peopletools	8.58
oracle	peoplesoft_enterprise_peopletools	8.59
oracle	policy_automation	*
oracle	primavera_gateway	*
oracle	primavera_gateway	19.12.0
oracle	solaris_cluster	4.0
oracle	weblogic_server	12.2.1.3.0
oracle	weblogic_server	12.2.1.4.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB9A6F74-1242-4469-A93A-868688427450",
              "versionEndExcluding": "7.9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:hadoop:3.2.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "B88C6164-4361-433D-9B88-3E039CC039AE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD4349FE-EEF8-489A-8ABF-5FCD55EC6DE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7B49D71-6A31-497A-B6A9-06E84F086E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FADE563-5AAA-42FF-B43F-35B20A2386C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_data_repository:8.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66C673C4-A825-46C0-816B-103E1C058D03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E883986-13DA-470F-95C4-BEBD0EDFEB9C",
              "versionEndIncluding": "11.3.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2A0A4A6-70D3-418B-80EA-04718C50C500",
              "versionEndIncluding": "9.2.5.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E561CFF-BB8A-4CFD-916D-4410A9265922",
              "versionEndIncluding": "9.2.5.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8AF00C6-B97F-414D-A8DF-057E6BFD8597",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "225A30A4-90FD-4B3A-80C4-9871294C318E",
              "versionEndIncluding": "12.2.22",
              "versionStartIncluding": "12.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "53E2276C-9515-46F6-A621-213A3047B9A6",
              "versionEndIncluding": "18.8.11",
              "versionStartIncluding": "18.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:19.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B201A85E-1310-46B8-8A3B-FF7675F84E09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:solaris_cluster:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "87A83709-4D38-4844-8928-0C2D6F2033BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass."
    },
    {
      "lang": "es",
      "value": "Connect2id Nimbus JOSE+JWT versiones anteriores a v7.9, puede arrojar varias excepciones no captadas al analizar un JWT, lo que podr\u00eda resultar en un bloqueo de la aplicaci\u00f3n (potencial divulgaci\u00f3n de informaci\u00f3n) o una posible omisi\u00f3n de autenticaci\u00f3n."
    }
  ],
  "id": "CVE-2019-17195",
  "lastModified": "2024-11-21T04:31:50.293",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-15T14:15:12.380",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/SECURITY-CHANGELOG.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://connect2id.com/blog/nimbus-jose-jwt-7-9"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/8768553cda5838f59ee3865cac546e824fa740e82d9dc2a7fc44e80d%40%3Ccommon-dev.hadoop.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/e10d43984f39327e443e875adcd4a5049193a7c010e81971908caf41%40%3Ccommon-issues.hadoop.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/r2667286c8ceffaf893b16829b9612d8f7c4ee6b30362c6c1b583e3c2%40%3Ccommits.druid.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/r33dc233634aedb04fa77db3eb79ea12d15ca4da89fa46a1c585ecb0b%40%3Ccommits.druid.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/r35f6301a3e6a56259224786dd9c2a935ba27ff6b494d15a3b66efe6a%40%3Cdev.avro.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/r5e08837e695efd36be73510ce58ec05785dbcea077819d8acc2d990d%40%3Ccommits.druid.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/rcac26c2d4df22341fa6ebbfe93ba1eff77d2dcd3f6106a1dc1f9ac98%40%3Cdev.avro.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Not Applicable"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/SECURITY-CHANGELOG.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://connect2id.com/blog/nimbus-jose-jwt-7-9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/8768553cda5838f59ee3865cac546e824fa740e82d9dc2a7fc44e80d%40%3Ccommon-dev.hadoop.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/e10d43984f39327e443e875adcd4a5049193a7c010e81971908caf41%40%3Ccommon-issues.hadoop.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r2667286c8ceffaf893b16829b9612d8f7c4ee6b30362c6c1b583e3c2%40%3Ccommits.druid.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r33dc233634aedb04fa77db3eb79ea12d15ca4da89fa46a1c585ecb0b%40%3Ccommits.druid.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r35f6301a3e6a56259224786dd9c2a935ba27ff6b494d15a3b66efe6a%40%3Cdev.avro.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r5e08837e695efd36be73510ce58ec05785dbcea077819d8acc2d990d%40%3Ccommits.druid.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rcac26c2d4df22341fa6ebbfe93ba1eff77d2dcd3f6106a1dc1f9ac98%40%3Cdev.avro.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-755"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2019-17195 (GCVE-0-2019-17195)

Vulnerability from cvelistv5

gsd-2019-17195

Vulnerability from gsd

ghsa-f6vf-pq8c-69m4

Vulnerability from github

rhsa-2020:1308

Vulnerability from csaf_redhat

wid-sec-w-2022-0770

Vulnerability from csaf_certbund

fkie_cve-2019-17195

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature