RHSA-2018:0501MediumCVSS 8.0
Red Hat Security Advisory: Red Hat Single Sign-On 7.2.1 security update
🔗 CVE IDs covered (4)
📋 Description
CVE-2016-0750 — client: unchecked deserialization in marshaller util CVE-2017-2670 — undertow: IO thread DoS via unclean Websocket closing CVE-2017-15089 — infinispan: Unsafe deserialization of malicious object injected into data cache CVE-2017-16012 — js-jquery: XSS in responses from cross-origin ajax requests
🔗 References (6)
- selfhttps://access.redhat.com/errata/RHSA-2018:0501
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=core.service.rhsso&version=7.2
- externalhttps://access.redhat.com/documentation/en-us/red_hat_single_sign_on/?version=7.2
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1300443
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_0501.json