Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 31477.

CVE-2023-44212

Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739.

CVE-2023-45242

Sensitive information leak through log files. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739.

CVE-2023-45241

CVE-2023-45240

Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 31637.

CVE-2023-44211

CVE-2023-45243

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2022-25883: A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of service.
* CVE-2023-3171: A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service.
* CVE-2023-4061: A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible sensitive information from the system.
* CVE-2023-26136: A flaw was found in the tough-cookie package which allows Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.
* CVE-2023-26464: A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE, less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in the virtual machine, resulting in a Denial of Service when the object is deserialized. This issue affects Apache Log4j before version 2.
* CVE-2023-33201: A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain unauthorized information via blind LDAP Injection, exploring the environment and enumerating data. The exploit depends on the structure of the target LDAP directory as well as what kind of errors are exposed to the user.
* CVE-2023-34462: A flaw was found in Netty's SniHandler while navigating TLS handshake which may permit a large heap allocation if the handler did not have a timeout configured. This issue may allow an attacker to send a client hello packet which would cause the server to buffer large amounts of data per connection, potentially causing an out of memory error, resulting in Denial of Service.


SRPM eap7-activemq-artemis-2.16.0-15.redhat\_00049.1.el7eap.src.rpm SHA-256: 60b05a7d89ded0636d74c5bb9160ce3c55497124834deca01285bc37f673ffcf eap7-bouncycastle-1.76.0-4.redhat\_00001.1.el7eap.src.rpm SHA-256: 62d7797cd09056e38239506467094adb81d0bbfbfc22209154fcad626d647b18 eap7-hal-console-3.3.19-1.Final\_redhat\_00001.1.el7eap.src.rpm SHA-256: a15c7fcab80fa2e49ea63a4fe932575783c19f87d41d685348946065d8f87341 eap7-hibernate-5.3.31-1.Final\_redhat\_00001.1.el7eap.src.rpm SHA-256: f234bd18103c5c4366ee003c800bb87d94ed255c05aaa6c41f8e217b0d0772e3 eap7-ironjacamar-1.5.15-1.Final\_redhat\_00001.1.el7eap.src.rpm SHA-256: c760d08524919b1184eaa82ee18b0cff29fc939bc4e63aadaf59c67600941850 eap7-jboss-marshalling-2.0.13-2.SP1\_redhat\_00001.1.el7eap.src.rpm SHA-256: ce99cecf0ffad039881d46f730e0380f5acbf017cfdc6ba1005d738297f57c86 eap7-jboss-modules-1.12.2-1.Final\_redhat\_00001.1.el7eap.src.rpm SHA-256: 9732d2a66250f399c83d5c37981b1d2f7db635e87ead946e0622b49320520978 eap7-jboss-server-migration-1.10.0-31.Final\_redhat\_00030.1.el7eap.src.rpm SHA-256: ab5adf39d3e554a89d5fcee78dcec65bd2af45cad19b5c16b2c1000db049911c eap7-jboss-xnio-base-3.8.10-1.Final\_redhat\_00001.1.el7eap.src.rpm SHA-256: fc357ae46960e9a1dd729a8c9fc518528ce9a5f5e2c64caaaf03afb131ede4be eap7-mod\_cluster-1.4.5-1.Final\_redhat\_00001.1.el7eap.src.rpm SHA-256: be79c8152ffa6724a4647e33e3962b61839c1fe9be189bf7489cd8a88eac8ed3 eap7-netty-4.1.94-1.Final\_redhat\_00001.1.el7eap.src.rpm SHA-256: f8d659fc647670b18ea187e41299459e7a2acac6d9b34ed99ba3c1e71a86413c eap7-netty-transport-native-epoll-4.1.94-1.Final\_redhat\_00001.1.el7eap.src.rpm SHA-256: b05889d6867a4257dc5f7dbee08b1e5973840ceb0a12d3a2a0d1bb332e7965a1 eap7-resteasy-3.15.8-1.Final\_redhat\_00001.1.el7eap.src.rpm SHA-256: 8509e849347c953c3ea6a98b182039d8e4e5578a3379a2d7582af27cc501245e eap7-undertow-2.2.26-1.SP1\_redhat\_00001.1.el7eap.src.rpm SHA-256: 5a2b5bbf3ae6bc99f8aca5a15fd9be69e1274f81359216ec2a8bd01317af8c0e eap7-wildfly-7.4.13-8.GA\_redhat\_00001.1.el7eap.src.rpm SHA-256: 86138faff3f4be9eae82fa77d25cb424241e8d7d571e908dfcfbbd7849a8911e eap7-wildfly-elytron-1.15.20-1.Final\_redhat\_00001.1.el7eap.src.rpm SHA-256: 2f9d7d0f405bf257311d64166134792585a4fc62171737340d178fd964dc9274 x86\_64 eap7-activemq-artemis-2.16.0-15.redhat\_00049.1.el7eap.noarch.rpm SHA-256: 48956bd744df0c64b9366bc041eaa8bccd8ccff4e40a5bba02de6f92f4928aa5 eap7-activemq-artemis-cli-2.16.0-15.redhat\_00049.1.el7eap.noarch.rpm SHA-256: 6e0f30f64606e372784d20de68b64f75c5e574b2a39ab7ebd849adb4fd16dcf0 eap7-activemq-artemis-commons-2.16.0-15.redhat\_00049.1.el7eap.noarch.rpm SHA-256: 8f0c5e1a77e57cb9c36fad8c0ea513858e152a170809a7cd7a03d404919b78c7 eap7-activemq-artemis-core-client-2.16.0-15.redhat\_00049.1.el7eap.noarch.rpm SHA-256: 566d04820b47e52df42cfe79df35a0b0be4ea8690083ac3560185fa9d58a415a eap7-activemq-artemis-dto-2.16.0-15.redhat\_00049.1.el7eap.noarch.rpm SHA-256: 8e5c19cfa59f4536203262c4b5e6cd2b5df71565e0734d61f60522e82636b6b1 eap7-activemq-artemis-hornetq-protocol-2.16.0-15.redhat\_00049.1.el7eap.noarch.rpm SHA-256: e96b146ee5dcb9772cf80a20768ef5fc1244ab832d058c008452cb3a3fa18d25 eap7-activemq-artemis-hqclient-protocol-2.16.0-15.redhat\_00049.1.el7eap.noarch.rpm SHA-256: 775b3f6f38295b15e9a192d8508bb4e905ba1b2419082788cae67318ffa4b0e7 eap7-activemq-artemis-jdbc-store-2.16.0-15.redhat\_00049.1.el7eap.noarch.rpm SHA-256: 695f9cb9f708ee3e9c01583f279633a53e3ebca9764160835d50fc6618a7b2fe eap7-activemq-artemis-jms-client-2.16.0-15.redhat\_00049.1.el7eap.noarch.rpm SHA-256: 3624ef404e998ebf87fa58104cd2160d8c64e44f5490e18a5d0123d9ee000570 eap7-activemq-artemis-jms-server-2.16.0-15.redhat\_00049.1.el7eap.noarch.rpm SHA-256: 2dea3bcf6627559fcdfbed91184c7872483684d2d41c708e10b92623549086fd eap7-activemq-artemis-journal-2.16.0-15.redhat\_00049.1.el7eap.noarch.rpm SHA-256: 9847093b8bb013d25a0d45764dd3c00814367cf23144c10fb93cb811e475f1c8 eap7-activemq-artemis-ra-2.16.0-15.redhat\_00049.1.el7eap.noarch.rpm SHA-256: a659c4a0dc6bde93ae6e098541dc7dc73d2a4aab9068b0dcba539868d7136cfc eap7-activemq-artemis-selector-2.16.0-15.redhat\_00049.1.el7eap.noarch.rpm SHA-256: 3a178fd3825f9523f5634254f475a0708cefc61f2f954b33e0acb29633b4110f eap7-activemq-artemis-server-2.16.0-15.redhat\_00049.1.el7eap.noarch.rpm SHA-256: 2fa2196ef5a64c09abb845daf47cc90b84d7be990a1d99f4b3b4ec1fb0125976 eap7-activemq-artemis-service-extensions-2.16.0-15.redhat\_00049.1.el7eap.noarch.rpm SHA-256: 1dc5e1157987dbfa9df7f85bca38a57cceef0066e4db2036a311e3cafad630ac eap7-activemq-artemis-tools-2.16.0-15.redhat\_00049.1.el7eap.noarch.rpm SHA-256: a0a3d53ed45d6b135a6d7b83090f032f6053f690434b52a797b912bfef4f8fc8 eap7-bouncycastle-1.76.0-4.redhat\_00001.1.el7eap.noarch.rpm SHA-256: 58ad6665126c1ae12bd4b3c2dbcae2166c5fb773e662e991b8cfba1d26b86cd7 eap7-bouncycastle-mail-1.76.0-4.redhat\_00001.1.el7eap.noarch.rpm SHA-256: e6bb811145ebe937ba635e05d6d9c7a7ce661c2566b5417ff0bc4e9052d5b139 eap7-bouncycastle-pg-1.76.0-4.redhat\_00001.1.el7eap.noarch.rpm SHA-256: 451aa7767aa1aba53ed809530b4b507587c0c058d91b02050ab32b0b97376de7 eap7-bouncycastle-pkix-1.76.0-4.redhat\_00001.1.el7eap.noarch.rpm SHA-256: 84a1637daed603ad2f8943d974acaad29a418230f1390425129e55bfaf90a6eb eap7-bouncycastle-prov-1.76.0-4.redhat\_00001.1.el7eap.noarch.rpm SHA-256: 52b86a2a3a2ac35ed233642ec42654e17f17d3c5b77e8f940071eb189b8bf012 eap7-bouncycastle-util-1.76.0-4.redhat\_00001.1.el7eap.noarch.rpm SHA-256: 1cf26c1ad9b98a5c0ddd6ea72c87e92c6c8e87164bedf7f231d50e82c78cf857 eap7-hal-console-3.3.19-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: 45f755a08f9f2bd72a8313fb3cbedfca07821d729424caf2fe9e47dbb1f23018 eap7-hibernate-5.3.31-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: 755587f092046e49e03df9329839fd269d1d9bcd1671ec5d185ce50d30ada95b eap7-hibernate-core-5.3.31-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: 48578dfd8255ea209454620c7e8f59350cfa2211685d079e92ca2339a574f56a eap7-hibernate-entitymanager-5.3.31-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: 181505363a3185c87106e0f5d682ca3c9c7398355eb7cb59dfd06c69a00fc7d9 eap7-hibernate-envers-5.3.31-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: 58aec7825ea382cb565f531381d78c742d7c3e76b915a2dbc4704eb5d554a2d0 eap7-hibernate-java8-5.3.31-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: 098679e4abaebd38765a4cbfb5d2415ead45c7ebd81dc3fb7a4cef3ce73b4ad6 eap7-ironjacamar-1.5.15-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: a6c3c7b7e466c3393557ee7734ed99c5e65b2518b55acfb6434edc11fccfd4f9 eap7-ironjacamar-common-api-1.5.15-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: a28039b617bb1ab95f1ac18057f31527bd46e992cd61a75d42598ab89153dce4 eap7-ironjacamar-common-impl-1.5.15-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: 3d65236b985c46efb9955bcb205ab6cd0f02b2f5eb09fae4dd623352cb6ac886 eap7-ironjacamar-common-spi-1.5.15-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: eef07a489572877c0a0c92a3f25855b1e189cc624ae5ffa4bddc5c9f4c6089ef eap7-ironjacamar-core-api-1.5.15-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: e010254ae5c128fa85705b8b9b4d362c75fe3995757a33165678d78341e50059 eap7-ironjacamar-core-impl-1.5.15-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: eadd9a51e99623b6556a11a5490d66dbebd2741d5a496bddb72a6460b651f47b eap7-ironjacamar-deployers-common-1.5.15-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: eaea36222d0c5aec008a212f47c35119b131643265cbad1fe3fbfed18f6e2705 eap7-ironjacamar-jdbc-1.5.15-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: 1d7e8fe87a19c0994f567f878bdbc246bbf6f04d8cbcb5d69ce5dbc9cf789cea eap7-ironjacamar-validator-1.5.15-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: 6817e46b59a6bf1a65a038905db3e79774b4121b058fb63ec01a191a48d4c122 eap7-jboss-marshalling-2.0.13-2.SP1\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: f0a7d73d4d90a119cf4b736565349efad032e6dca5f85b86edf1b1f5dc63e92b eap7-jboss-marshalling-river-2.0.13-2.SP1\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: dcf3df561a35b3ab1b82643a8240f0e2a1db5917ef2294cf66260d170121abc6 eap7-jboss-modules-1.12.2-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: e535839f6c6bd24872530bc43b0103ac798d5a900951e709cf0861ee4453c85c eap7-jboss-server-migration-1.10.0-31.Final\_redhat\_00030.1.el7eap.noarch.rpm SHA-256: 7e8039236f7ad6605dc3e2b307501df00202def0ec584add90fe65d831d7655f eap7-jboss-server-migration-cli-1.10.0-31.Final\_redhat\_00030.1.el7eap.noarch.rpm SHA-256: ed87733e79d63139433b621b8f21f5c36ace1d978d9589c047425b3281cabcd7 eap7-jboss-server-migration-core-1.10.0-31.Final\_redhat\_00030.1.el7eap.noarch.rpm SHA-256: 22f4a91f98d6d4af9a4a18d19ba6bf6f31be8bbce5623bbf541c3ad80acadb7b eap7-jboss-xnio-base-3.8.10-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: e4888f359aa6716c63d2fa8e4cae4848d45f576631f589a88b12185d4d2b2a05 eap7-mod\_cluster-1.4.5-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: abb57026a584273be93b866b32725f4872c43816e61ccf36b1f2cea1b72f06dc eap7-netty-4.1.94-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: 96fcb01997494241a04852fbb7750f55fb762ad925008bee94c5909f9f257dd5 eap7-netty-all-4.1.94-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: 8f0bbdd522b1497bf25d2788a093a38ada110553f38bd64263f4469a4e4ac4f0 eap7-netty-buffer-4.1.94-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: 6f898168f204b5e9d8fdd63b2a7a60afe34d66e81315737f122a39891074a56f eap7-netty-codec-4.1.94-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: 6c53485f9e338c993687237ebfd7a010addf579b1d11b6a2ca4dc20b0e0c642b eap7-netty-codec-dns-4.1.94-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: da2d37efeedb268ab89121dd5d0bcc0d797aa9dfc5d2f6500c17688e39600e44 eap7-netty-codec-haproxy-4.1.94-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: d8aac62379dc74cceb245252a170ea01336fca3f1a9011a50eb2d10560f29f4b eap7-netty-codec-http-4.1.94-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: 344dc5f86abff286ae4d56435343c21552920f7c6c21f9b73c0685d00b92cba1 eap7-netty-codec-http2-4.1.94-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: 8870bb8eed612eb463b1e106bad6f7fa8da9ca3558150b5938458232e137e425 eap7-netty-codec-memcache-4.1.94-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: 890e7b3b1c2010ba163a2b11904c3262e84662fde695cd13a663829b4d8e32b7 eap7-netty-codec-mqtt-4.1.94-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: c03b8699682682740cfb81d9f9483901431e55890d6acfe9f35408b620f994e1 eap7-netty-codec-redis-4.1.94-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: ab3bed8aba70b89080e2e12a94b6f0680dcce378994f4c25140f16adda94a59a eap7-netty-codec-smtp-4.1.94-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: 56408718b6a0a2d8776d5a447271447b8815a4a882bbdc4cf59d3b581c896b0d eap7-netty-codec-socks-4.1.94-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: 04acca7e37640a8fba35b1d38baab73728715bafaec3ac237e6303790829f3ca eap7-netty-codec-stomp-4.1.94-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: efc96123c1d10a76944395fb62ba47c324de47844a9f24351889128992254945 eap7-netty-codec-xml-4.1.94-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: 32e4c406ed775eadc8e064cf1639b029fd68b06ac87121883abaad59f51167f3 eap7-netty-common-4.1.94-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: ff447a92cffb15ec9c971118cfc8f11dd3bbd0a3270503f57d1153277ca4f22b eap7-netty-handler-4.1.94-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: 914534ec4195b7feb531d29bdbcc20275c7f80acfbc2e807860b7dd2ac38c66a eap7-netty-handler-proxy-4.1.94-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: c04ff09bbff241da19200406c2b48bf0f0a0a611155a70034af053b520c5d48a eap7-netty-resolver-4.1.94-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: 864b25e55c942f48495e8a0a4a501dc3d3d6169b4d0abdb779db83724a73fccf eap7-netty-resolver-dns-4.1.94-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: 8fbcbb586743c2723fc3fe654cc20cda8ce5f02271a64e293e5d68ff070f037e eap7-netty-resolver-dns-classes-macos-4.1.94-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: b49d257c522b5bb972ad6a0e88f25561d06c67181ace22d54139b7a91f5323dc eap7-netty-transport-4.1.94-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: 92860b05f53c42f078b1e72783a064d06b85010836abfeb2e389a674d9c319cf eap7-netty-transport-classes-epoll-4.1.94-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: 9a791064955256a885a4e52c04cfbc23afa016e44e662eb7c9931ce1340b59a7 eap7-netty-transport-classes-kqueue-4.1.94-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: 2bda170d7e4774f34557675a76df869c5f00492fc232e9d40ac31fa2292f265d eap7-netty-transport-native-epoll-4.1.94-1.Final\_redhat\_00001.1.el7eap.x86\_64.rpm SHA-256: 92dc092c97f1376f24f1d40e84cc31e263189153b4b0922a7c0c3fb74ae374fa eap7-netty-transport-native-epoll-debuginfo-4.1.94-1.Final\_redhat\_00001.1.el7eap.x86\_64.rpm SHA-256: bddb6cc4ae9d8a2e4c17db88c6d6a4a7761aa413f667b3cd161600c61e220fbc eap7-netty-transport-native-unix-common-4.1.94-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: 701bb2654ff0b5374b603e91afa62d896c86a529bc73b8ce7e3a8f230a714212 eap7-netty-transport-rxtx-4.1.94-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: b0ddf203b681039e17a233fa94526fba16a78341802aa867fa5480d6dc376f52 eap7-netty-transport-sctp-4.1.94-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: cc7713c9cf621b131ed560f572228970fa75f3d32a92edde16cebbb84a950a71 eap7-netty-transport-udt-4.1.94-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: 68e045b2ae4efcf240ff55e8b0efe693fa68ea450ebf50fa9d7f301e65832878 eap7-resteasy-3.15.8-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: 7f393d281893949c2ed25e8d6cfab85912a8ea490875f753115b764b3c1e3ed9 eap7-resteasy-atom-provider-3.15.8-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: 10fe2750c6920d165634eaa39e66786e19e3c3e72c39100d973f45757e8e5de2 eap7-resteasy-cdi-3.15.8-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: 41f77131431b793b4bce52cab59c8e7576ffd030b73f225e3d2ac49414d8e1c3 eap7-resteasy-client-3.15.8-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: 67f76b53e81e4f538197f467a021e1748b10d161664d685418aafe3be2c5552f eap7-resteasy-crypto-3.15.8-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: d6a67758fb7c35dbec3edf0b8210cb4389cf31879ea0452c15892eee2cc8b96a eap7-resteasy-jackson-provider-3.15.8-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: 679d59fb1c23e1286859b29325fd604fdd1ec766c2a2d4982f9461d255304717 eap7-resteasy-jackson2-provider-3.15.8-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: 60a228aa54fd0555c60c42f593dc763fc0b4c71a2451375ccaed43ab44421136 eap7-resteasy-jaxb-provider-3.15.8-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: 01b9f6978b2491717351a85b1bbe3620b53a0063657ce95663281f673ddbfd91 eap7-resteasy-jaxrs-3.15.8-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: 668eecf922bfcc7c9d54f4335f0b80ac3a492b2e77346a2b707f1d78e202ca5d eap7-resteasy-jettison-provider-3.15.8-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: bc944c8f3f539b518b406c25490e5a34da1ff2ed516bdd634ddb3715fc501afb eap7-resteasy-jose-jwt-3.15.8-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: 8f9301232f51324bf3aae69acf28add2ee7686a32a3040da25fbf0665a33a75d eap7-resteasy-jsapi-3.15.8-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: 190542ebf621f072366c822460866b6bce99bbcd98adc6aad526f53bc3b271b9 eap7-resteasy-json-binding-provider-3.15.8-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: d668846d57ea1eefff08a107c6ee41ba70397e3425d7ff76aba2017eae2151c5 eap7-resteasy-json-p-provider-3.15.8-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: d20146e81d66b332818b9557b2cc7f1fa10f8d2911e8d19e7c868eaa8c955d9a eap7-resteasy-multipart-provider-3.15.8-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: 6116dc77f7884beb87af522810d3de6726b2ef6eb3c10e884110cf9a1f1905c2 eap7-resteasy-rxjava2-3.15.8-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: fa840f6b9900c2224fdc79477baaed636ecde1436bf3c93b1afa905de854d7e1 eap7-resteasy-spring-3.15.8-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: fbeb74682a64611591eec2c3868f461194d85db94c1148947ba5210b5413a349 eap7-resteasy-validator-provider-11-3.15.8-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: bd826bd09cd3b25ac78d6cb2b47e7293a81978df0329a75930294850a56dd6d2 eap7-resteasy-yaml-provider-3.15.8-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: 9b6acbac66efed87b6325c3083f235642d0d697df9d8033aa6a97e8457e78106 eap7-undertow-2.2.26-1.SP1\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: a236a1a8c3c99fc464e257321c1a9362fa380cd176a757a3944eafdc7a5c0b56 eap7-wildfly-7.4.13-8.GA\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: 44de3487ff35514919c4ae546c38428792c1abee30c82c10c93bf6461abd146f eap7-wildfly-elytron-1.15.20-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: b9a0b762d84354aad49efbd5648573d61a9ee29479918b7b8c2e720485dc8455 eap7-wildfly-elytron-tool-1.15.20-1.Final\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: 810ed219530ab3e5aaefe2f9c6098993d92e0b487c0b6d434db5bb45a21c77b1 eap7-wildfly-java-jdk11-7.4.13-8.GA\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: 281450ce5d90b2c859a4fcdb52a7baf49763412a236adf02a11f66312e8332f7 eap7-wildfly-java-jdk8-7.4.13-8.GA\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: e485df44306bab0c74b8665818944e268255e0ae4452761a02998f912d9fb223 eap7-wildfly-javadocs-7.4.13-8.GA\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: a77106c07d355b176e8a5c50a24dfe3441f00f916a8c18929590d0ca1ea437bf eap7-wildfly-modules-7.4.13-8.GA\_redhat\_00001.1.el7eap.noarch.rpm SHA-256: fa208a10733fd4e1b5f2f128ad2dd7dc67d3da7457f77d013c32cd9118a910cc

RHSA-2023:5484: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 7

A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `rsvp_classify` function. This issue may allow a local user to crash the system and cause a denial of service.

**Red Hat Product Security Center**

Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

Product Security Center

CVE-2023-42755: cve-details

A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system.

CVE-2023-42754: cve-details


Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the CLI use of the ‘more’ command. A local or remote authenticated attacker could potentially exploit this vulnerability, leading to the ability to gain root-level access.



**Impact**

High

**Details**

Proprietary Code CVEs

Description

CVSS Base Score

CVSS Vector String

CVE-2023-4401

Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the CLI use of the ‘more’ command. A local or remote authenticated attacker could potentially exploit this vulnerability, leading to the ability to gain root-level access.

7.8

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2023-43068

Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the restricted shell in SSH. An authenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary commands.

7.8

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2023-43069

Dell SmartFabric Storage Software v1.4 (and earlier) contain(s) an OS Command Injection Vulnerability in the CLI. An authenticated local attacker could potentially exploit this vulnerability, leading to possible injection of parameters to curl or docker.

7.8

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2023-43070

Dell SmartFabric Storage Software v1.4 (and earlier) contains a Path Traversal Vulnerability in the HTTP interface. A remote authenticated attacker could potentially exploit this vulnerability, leading to modify or write arbitrary files to arbitrary locations in the license container.

6.3

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CVE-2023-43071

Dell SmartFabric Storage Software v1.4 (and earlier) contains possible vulnerabilities for HTML injection or CVS formula injection which might escalate to cross-site scripting attacks in HTML pages in the GUI. A remote authenticated attacker could potentially exploit these issues, leading to various injection type attacks.

4.4

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N

CVE-2023-43072

Dell SmartFabric Storage Software v1.4 (and earlier) contains an improper access control vulnerability in the CLI. A local possibly unauthenticated attacker could potentially exploit this vulnerability, leading to ability to execute arbritrary shell commands.

4.4

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

CVE-2023-43073

Dell SmartFabric Storage Software v1.4 (and earlier) contains an Improper Input Validation vulnerability in RADIUS configuration. An authenticated remote attacker could potentially exploit this vulnerability, leading to gaining unauthorized access to data.

4.3

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Proprietary Code CVEs

Description

CVSS Base Score

CVSS Vector String

CVE-2023-4401

Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the CLI use of the ‘more’ command. A local or remote authenticated attacker could potentially exploit this vulnerability, leading to the ability to gain root-level access.

7.8

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2023-43068

Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the restricted shell in SSH. An authenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary commands.

7.8

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2023-43069

Dell SmartFabric Storage Software v1.4 (and earlier) contain(s) an OS Command Injection Vulnerability in the CLI. An authenticated local attacker could potentially exploit this vulnerability, leading to possible injection of parameters to curl or docker.

7.8

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2023-43070

Dell SmartFabric Storage Software v1.4 (and earlier) contains a Path Traversal Vulnerability in the HTTP interface. A remote authenticated attacker could potentially exploit this vulnerability, leading to modify or write arbitrary files to arbitrary locations in the license container.

6.3

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CVE-2023-43071

Dell SmartFabric Storage Software v1.4 (and earlier) contains possible vulnerabilities for HTML injection or CVS formula injection which might escalate to cross-site scripting attacks in HTML pages in the GUI. A remote authenticated attacker could potentially exploit these issues, leading to various injection type attacks.

4.4

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N

CVE-2023-43072

Dell SmartFabric Storage Software v1.4 (and earlier) contains an improper access control vulnerability in the CLI. A local possibly unauthenticated attacker could potentially exploit this vulnerability, leading to ability to execute arbritrary shell commands.

4.4

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

CVE-2023-43073

Dell SmartFabric Storage Software v1.4 (and earlier) contains an Improper Input Validation vulnerability in RADIUS configuration. An authenticated remote attacker could potentially exploit this vulnerability, leading to gaining unauthorized access to data.

4.3

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

**Affected Products and Remediation**

CVEs Addressed 

Product

Affected Versions

Updated Versions

Link

CVE-2023-4401, CVE-2023-43068, CVE-2023-43069, CVE-2023-43070, CVE-2023-43071, CVE-2023-43072, CVE-2023-43073

SmartFabric Storage Software Debian package v1.4.1   
for upgrading SmartFabric Storage Software VM  
 deployed on either ESXi or linux KVM

 v1.4.0 and prior

 v1.4.1

Debian Package v1.4.1 upgrade SmartFabric Storage Software VM (applicable to ESXi or Linux KVM)

CVE-2023-4401, CVE-2023-43068, CVE-2023-43069, CVE-2023-43070, CVE-2023-43071, CVE-2023-43072, CVE-2023-43073

SmartFabric Storage Software package v1.4.1 for ESXi.

v1.4.0 and prior

v1.4.1

SmartFabric Storage Software package v1.4.1 for ESXi

CVE-2023-4401, CVE-2023-43068, CVE-2023-43069, CVE-2023-43070, CVE-2023-43071, CVE-2023-43072, CVE-2023-43073

SmartFabric Storage Software package v1.4.1 for Linux KVM.

v1.4.0 and prior

v1.4.1

SmartFabric Storage Software package v1.4.1 for Linux KVM

CVEs Addressed 

Product

Affected Versions

Updated Versions

Link

CVE-2023-4401, CVE-2023-43068, CVE-2023-43069, CVE-2023-43070, CVE-2023-43071, CVE-2023-43072, CVE-2023-43073

SmartFabric Storage Software Debian package v1.4.1   
for upgrading SmartFabric Storage Software VM  
 deployed on either ESXi or linux KVM

 v1.4.0 and prior

 v1.4.1

Debian Package v1.4.1 upgrade SmartFabric Storage Software VM (applicable to ESXi or Linux KVM)

CVE-2023-4401, CVE-2023-43068, CVE-2023-43069, CVE-2023-43070, CVE-2023-43071, CVE-2023-43072, CVE-2023-43073

SmartFabric Storage Software package v1.4.1 for ESXi.

v1.4.0 and prior

v1.4.1

SmartFabric Storage Software package v1.4.1 for ESXi

CVE-2023-4401, CVE-2023-43068, CVE-2023-43069, CVE-2023-43070, CVE-2023-43071, CVE-2023-43072, CVE-2023-43073

SmartFabric Storage Software package v1.4.1 for Linux KVM.

v1.4.0 and prior

v1.4.1

SmartFabric Storage Software package v1.4.1 for Linux KVM

**Workarounds and Mitigations**

None

**Revision History**

Revision

Date

Description

1.0

2023-09-28

Initial Revision

2.0

2023-10-05

Major Revision: added CVE links and modified some minor formatting

**Related Information**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

SmartFabric Storage Software for NVMe/TCP SAN, SmartFabric Storage Software Download for NVMe/TCP SAN

Tag

#linux