RHSA-2020:3463HighCVSS 8.1

Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update

Published
August 17, 2020
Last Modified
June 26, 2026

🔗 CVE IDs covered (14)

📋 Description

CVE-2019-14900 — hibernate: SQL injection issue in Hibernate ORM CVE-2020-1710 — EAP: field-name is not parsed in accordance to RFC7230 CVE-2020-1748 — Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain CVE-2020-10672 — jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution CVE-2020-10673 — jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution CVE-2020-10683 — dom4j: XML External Entity vulnerability in default SAX parser CVE-2020-10687 — Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests CVE-2020-10693 — hibernate-validator: Improper input validation in the interpolation of constraint error messages CVE-2020-10714 — wildfly-elytron: session fixation when using FORM authentication CVE-2020-10718 — wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API CVE-2020-10740 — wildfly: unsafe deserialization in Wildfly Enterprise Java Beans CVE-2020-11612 — netty: compression/decompression codecs don't enforce limits on buffer allocation sizes CVE-2020-14297 — wildfly: Some EJB transaction objects may get accumulated causing Denial of Service CVE-2020-14307 — wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service

🔗 References (35)