What is the severity of RHSA-2019:4037?

The severity of RHSA-2019:4037 is classified as moderate.

How do I fix RHSA-2019:4037?

To fix RHSA-2019:4037, update Red Hat Data Grid to the latest version available, which is 7.3.2.

What vulnerabilities does RHSA-2019:4037 address?

RHSA-2019:4037 addresses various bug fixes and enhancements in Red Hat Data Grid 7.3.2.

Is RHSA-2019:4037 applicable to all versions of Red Hat Data Grid?

No, RHSA-2019:4037 specifically applies to Red Hat Data Grid version 7.3.1 and prior.

Vulnerability/
RHSA-2019:4037

CWE

918

2/12/2019

15/8/2024

RHSA-2019:4037: Important: Red Hat Data Grid 7.3.2 security update

First published: Mon Dec 02 2019(Updated: )

Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project.<br>This release of Red Hat Data Grid 7.3.2 serves as a replacement for Red Hat Data Grid 7.3.1 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum.<br>Security Fix(es):<br><li> infinispan: Session fixation protection broken for Spring Session integration (CVE-2019-10158)</li> <li> jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis (CVE-2018-11307)</li> <li> jackson-databind: improper polymorphic deserialization of types from Jodd-db library (CVE-2018-12022)</li> <li> jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver (CVE-2018-12023)</li> <li> jackson-databind: arbitrary code execution in slf4j-ext class (CVE-2018-14718)</li> <li> jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes (CVE-2018-14719)</li> <li> jackson-databind: exfiltration/XXE in some JDK classes (CVE-2018-14720)</li> <li> jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class (CVE-2018-14721)</li> <li> jackson-databind: improper polymorphic deserialization in axis2-transport-jms class (CVE-2018-19360)</li> <li> jackson-databind: improper polymorphic deserialization in openjpa class (CVE-2018-19361)</li> <li> jackson-databind: improper polymorphic deserialization in jboss-common-core class (CVE-2018-19362)</li> For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Affected Software	Affected Version	How to fix
Red Hat JBoss Data Grid

Never miss a vulnerability like this again

Reference Links

https://access.redhat.com/errata/RHSA-2019:4037 (Advisory)

Frequently Asked Questions

What is the severity of RHSA-2019:4037?
The severity of RHSA-2019:4037 is classified as moderate.
How do I fix RHSA-2019:4037?
To fix RHSA-2019:4037, update Red Hat Data Grid to the latest version available, which is 7.3.2.
What vulnerabilities does RHSA-2019:4037 address?
RHSA-2019:4037 addresses various bug fixes and enhancements in Red Hat Data Grid 7.3.2.
Is RHSA-2019:4037 applicable to all versions of Red Hat Data Grid?
No, RHSA-2019:4037 specifically applies to Red Hat Data Grid version 7.3.1 and prior.
What is Red Hat Data Grid?
Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project.

agent/severity
agent/type
agent/remedy
agent/last-modified-date
agent/first-publish-date
agent/weakness
agent/description
collector/redhat-errata
source/Red Hat
anchor-id/RHSA-2019:4037
agent/references
agent/title
agent/event
agent/source
agent/tags
agent/softwarecombine
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/red hat
canonical/red hat jboss data grid

RHSA-2019:4037: Important: Red Hat Data Grid 7.3.2 security update

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of RHSA-2019:4037?

How do I fix RHSA-2019:4037?

What vulnerabilities does RHSA-2019:4037 address?

Is RHSA-2019:4037 applicable to all versions of Red Hat Data Grid?

What is Red Hat Data Grid?

Company

Resources

Contact