What is the severity of RHSA-2020:5341?

The severity of RHSA-2020:5341 is classified as critical due to the impact on the JBoss Enterprise Application Platform.

How do I fix RHSA-2020:5341?

To fix RHSA-2020:5341, upgrade to the latest recommended versions of the affected packages listed in the advisory.

What are the affected packages in RHSA-2020:5341?

The affected packages in RHSA-2020:5341 include various versions of eap7-activemq-artemis, eap7-hibernate-validator, and several others listed in the advisory.

Is it safe to ignore RHSA-2020:5341 vulnerabilities?

It is not safe to ignore RHSA-2020:5341 vulnerabilities as they can lead to serious security breaches in JBoss applications.

Where can I find more information about RHSA-2020:5341?

More information about RHSA-2020:5341 can be found in the Red Hat advisory documentation.

Vulnerability/
RHSA-2020:5341

CWE

3/12/2020

20/6/2024

RHSA-2020:5341: Important: Red Hat JBoss Enterprise Application Platform 7.3.4 security update

First published: Thu Dec 03 2020(Updated: )

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.<br>This release of Red Hat JBoss Enterprise Application Platform 7.3.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.3, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.4 Release Notes for information about the most significant bug fixes and enhancements included in this release.<br><li> jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (CVE-2020-25649)</li> <li> hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used (CVE-2020-25638)</li> <li> wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL (CVE-2020-25644)</li> For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.

Affected Software	Affected Version	How to fix
redhat/eap7-activemq-artemis	<2.9.0-6.redhat_00016.1.el7ea	2.9.0-6.redhat_00016.1.el7ea
redhat/eap7-fge-btf	<1.2.0-1.redhat_00007.1.el7ea	1.2.0-1.redhat_00007.1.el7ea
redhat/eap7-fge-msg-simple	<1.1.0-1.redhat_00007.1.el7ea	1.1.0-1.redhat_00007.1.el7ea
redhat/eap7-hal-console	<3.2.11-1.Final_redhat_00001.1.el7ea	3.2.11-1.Final_redhat_00001.1.el7ea
redhat/eap7-hibernate-validator	<6.0.21-1.Final_redhat_00001.1.el7ea	6.0.21-1.Final_redhat_00001.1.el7ea
redhat/eap7-jackson-annotations	<2.10.4-1.redhat_00002.1.el7ea	2.10.4-1.redhat_00002.1.el7ea
redhat/eap7-jackson-core	<2.10.4-1.redhat_00002.1.el7ea	2.10.4-1.redhat_00002.1.el7ea
redhat/eap7-jackson-coreutils	<1.6.0-1.redhat_00006.1.el7ea	1.6.0-1.redhat_00006.1.el7ea
redhat/eap7-jackson-jaxrs-providers	<2.10.4-1.redhat_00002.1.el7ea	2.10.4-1.redhat_00002.1.el7ea
redhat/eap7-jackson-modules-base	<2.10.4-3.redhat_00002.1.el7ea	2.10.4-3.redhat_00002.1.el7ea
redhat/eap7-jackson-modules-java8	<2.10.4-1.redhat_00002.1.el7ea	2.10.4-1.redhat_00002.1.el7ea
redhat/eap7-jasypt	<1.9.3-1.redhat_00002.1.el7ea	1.9.3-1.redhat_00002.1.el7ea
redhat/eap7-jboss-marshalling	<2.0.10-1.Final_redhat_00001.1.el7ea	2.0.10-1.Final_redhat_00001.1.el7ea
redhat/eap7-jboss-remoting	<5.0.19-1.Final_redhat_00001.1.el7ea	5.0.19-1.Final_redhat_00001.1.el7ea
redhat/eap7-jboss-server-migration	<1.7.2-3.Final_redhat_00004.1.el7ea	1.7.2-3.Final_redhat_00004.1.el7ea
redhat/eap7-jboss-xnio-base	<3.7.11-1.Final_redhat_00001.1.el7ea	3.7.11-1.Final_redhat_00001.1.el7ea
redhat/eap7-undertow	<2.0.32-1.SP1_redhat_00001.1.el7ea	2.0.32-1.SP1_redhat_00001.1.el7ea
redhat/eap7-wildfly	<7.3.4-3.GA_redhat_00003.1.el7ea	7.3.4-3.GA_redhat_00003.1.el7ea
redhat/eap7-wildfly-elytron	<1.10.9-1.Final_redhat_00001.1.el7ea	1.10.9-1.Final_redhat_00001.1.el7ea
redhat/eap7-wildfly-openssl	<1.0.12-1.Final_redhat_00001.1.el7ea	1.0.12-1.Final_redhat_00001.1.el7ea
redhat/eap7-activemq-artemis-cli	<2.9.0-6.redhat_00016.1.el7ea	2.9.0-6.redhat_00016.1.el7ea
redhat/eap7-activemq-artemis-commons	<2.9.0-6.redhat_00016.1.el7ea	2.9.0-6.redhat_00016.1.el7ea
redhat/eap7-activemq-artemis-core-client	<2.9.0-6.redhat_00016.1.el7ea	2.9.0-6.redhat_00016.1.el7ea
redhat/eap7-activemq-artemis-dto	<2.9.0-6.redhat_00016.1.el7ea	2.9.0-6.redhat_00016.1.el7ea
redhat/eap7-activemq-artemis-hornetq-protocol	<2.9.0-6.redhat_00016.1.el7ea	2.9.0-6.redhat_00016.1.el7ea
redhat/eap7-activemq-artemis-hqclient-protocol	<2.9.0-6.redhat_00016.1.el7ea	2.9.0-6.redhat_00016.1.el7ea
redhat/eap7-activemq-artemis-jdbc-store	<2.9.0-6.redhat_00016.1.el7ea	2.9.0-6.redhat_00016.1.el7ea
redhat/eap7-activemq-artemis-jms-client	<2.9.0-6.redhat_00016.1.el7ea	2.9.0-6.redhat_00016.1.el7ea
redhat/eap7-activemq-artemis-jms-server	<2.9.0-6.redhat_00016.1.el7ea	2.9.0-6.redhat_00016.1.el7ea
redhat/eap7-activemq-artemis-journal	<2.9.0-6.redhat_00016.1.el7ea	2.9.0-6.redhat_00016.1.el7ea
redhat/eap7-activemq-artemis-ra	<2.9.0-6.redhat_00016.1.el7ea	2.9.0-6.redhat_00016.1.el7ea
redhat/eap7-activemq-artemis-selector	<2.9.0-6.redhat_00016.1.el7ea	2.9.0-6.redhat_00016.1.el7ea
redhat/eap7-activemq-artemis-server	<2.9.0-6.redhat_00016.1.el7ea	2.9.0-6.redhat_00016.1.el7ea
redhat/eap7-activemq-artemis-service-extensions	<2.9.0-6.redhat_00016.1.el7ea	2.9.0-6.redhat_00016.1.el7ea
redhat/eap7-activemq-artemis-tools	<2.9.0-6.redhat_00016.1.el7ea	2.9.0-6.redhat_00016.1.el7ea
redhat/eap7-hibernate-validator-cdi	<6.0.21-1.Final_redhat_00001.1.el7ea	6.0.21-1.Final_redhat_00001.1.el7ea
redhat/eap7-jackson-datatype-jdk8	<2.10.4-1.redhat_00002.1.el7ea	2.10.4-1.redhat_00002.1.el7ea
redhat/eap7-jackson-datatype-jsr310	<2.10.4-1.redhat_00002.1.el7ea	2.10.4-1.redhat_00002.1.el7ea
redhat/eap7-jackson-jaxrs-base	<2.10.4-1.redhat_00002.1.el7ea	2.10.4-1.redhat_00002.1.el7ea
redhat/eap7-jackson-jaxrs-json-provider	<2.10.4-1.redhat_00002.1.el7ea	2.10.4-1.redhat_00002.1.el7ea
redhat/eap7-jackson-module-jaxb-annotations	<2.10.4-3.redhat_00002.1.el7ea	2.10.4-3.redhat_00002.1.el7ea
redhat/eap7-jboss-marshalling-river	<2.0.10-1.Final_redhat_00001.1.el7ea	2.0.10-1.Final_redhat_00001.1.el7ea
redhat/eap7-jboss-server-migration-cli	<1.7.2-3.Final_redhat_00004.1.el7ea	1.7.2-3.Final_redhat_00004.1.el7ea
redhat/eap7-jboss-server-migration-core	<1.7.2-3.Final_redhat_00004.1.el7ea	1.7.2-3.Final_redhat_00004.1.el7ea
redhat/eap7-jboss-server-migration-eap6.4	<1.7.2-3.Final_redhat_00004.1.el7ea	1.7.2-3.Final_redhat_00004.1.el7ea
redhat/eap7-jboss-server-migration-eap6.4-to-eap7.3	<1.7.2-3.Final_redhat_00004.1.el7ea	1.7.2-3.Final_redhat_00004.1.el7ea
redhat/eap7-jboss-server-migration-eap7.0	<1.7.2-3.Final_redhat_00004.1.el7ea	1.7.2-3.Final_redhat_00004.1.el7ea
redhat/eap7-jboss-server-migration-eap7.1	<1.7.2-3.Final_redhat_00004.1.el7ea	1.7.2-3.Final_redhat_00004.1.el7ea
redhat/eap7-jboss-server-migration-eap7.2	<1.7.2-3.Final_redhat_00004.1.el7ea	1.7.2-3.Final_redhat_00004.1.el7ea
redhat/eap7-jboss-server-migration-eap7.2-to-eap7.3	<1.7.2-3.Final_redhat_00004.1.el7ea	1.7.2-3.Final_redhat_00004.1.el7ea
redhat/eap7-jboss-server-migration-eap7.3-server	<1.7.2-3.Final_redhat_00004.1.el7ea	1.7.2-3.Final_redhat_00004.1.el7ea
redhat/eap7-jboss-server-migration-wildfly10.0	<1.7.2-3.Final_redhat_00004.1.el7ea	1.7.2-3.Final_redhat_00004.1.el7ea
redhat/eap7-jboss-server-migration-wildfly10.1	<1.7.2-3.Final_redhat_00004.1.el7ea	1.7.2-3.Final_redhat_00004.1.el7ea
redhat/eap7-jboss-server-migration-wildfly11.0	<1.7.2-3.Final_redhat_00004.1.el7ea	1.7.2-3.Final_redhat_00004.1.el7ea
redhat/eap7-jboss-server-migration-wildfly12.0	<1.7.2-3.Final_redhat_00004.1.el7ea	1.7.2-3.Final_redhat_00004.1.el7ea
redhat/eap7-jboss-server-migration-wildfly13.0-server	<1.7.2-3.Final_redhat_00004.1.el7ea	1.7.2-3.Final_redhat_00004.1.el7ea
redhat/eap7-jboss-server-migration-wildfly14.0-server	<1.7.2-3.Final_redhat_00004.1.el7ea	1.7.2-3.Final_redhat_00004.1.el7ea
redhat/eap7-jboss-server-migration-wildfly15.0-server	<1.7.2-3.Final_redhat_00004.1.el7ea	1.7.2-3.Final_redhat_00004.1.el7ea
redhat/eap7-jboss-server-migration-wildfly16.0-server	<1.7.2-3.Final_redhat_00004.1.el7ea	1.7.2-3.Final_redhat_00004.1.el7ea
redhat/eap7-jboss-server-migration-wildfly17.0-server	<1.7.2-3.Final_redhat_00004.1.el7ea	1.7.2-3.Final_redhat_00004.1.el7ea
redhat/eap7-jboss-server-migration-wildfly18.0-server	<1.7.2-3.Final_redhat_00004.1.el7ea	1.7.2-3.Final_redhat_00004.1.el7ea
redhat/eap7-jboss-server-migration-wildfly8.2	<1.7.2-3.Final_redhat_00004.1.el7ea	1.7.2-3.Final_redhat_00004.1.el7ea
redhat/eap7-jboss-server-migration-wildfly9.0	<1.7.2-3.Final_redhat_00004.1.el7ea	1.7.2-3.Final_redhat_00004.1.el7ea
redhat/eap7-wildfly-elytron-tool	<1.10.9-1.Final_redhat_00001.1.el7ea	1.10.9-1.Final_redhat_00001.1.el7ea
redhat/eap7-wildfly-java-jdk11	<7.3.4-3.GA_redhat_00003.1.el7ea	7.3.4-3.GA_redhat_00003.1.el7ea
redhat/eap7-wildfly-java-jdk8	<7.3.4-3.GA_redhat_00003.1.el7ea	7.3.4-3.GA_redhat_00003.1.el7ea
redhat/eap7-wildfly-javadocs	<7.3.4-3.GA_redhat_00003.1.el7ea	7.3.4-3.GA_redhat_00003.1.el7ea
redhat/eap7-wildfly-modules	<7.3.4-3.GA_redhat_00003.1.el7ea	7.3.4-3.GA_redhat_00003.1.el7ea
redhat/eap7-wildfly-openssl-java	<1.0.12-1.Final_redhat_00001.1.el7ea	1.0.12-1.Final_redhat_00001.1.el7ea

Never miss a vulnerability like this again

Reference Links

https://access.redhat.com/errata/RHSA-2020:5341 (Advisory)

Frequently Asked Questions

What is the severity of RHSA-2020:5341?
The severity of RHSA-2020:5341 is classified as critical due to the impact on the JBoss Enterprise Application Platform.
How do I fix RHSA-2020:5341?
To fix RHSA-2020:5341, upgrade to the latest recommended versions of the affected packages listed in the advisory.
What are the affected packages in RHSA-2020:5341?
The affected packages in RHSA-2020:5341 include various versions of eap7-activemq-artemis, eap7-hibernate-validator, and several others listed in the advisory.
Is it safe to ignore RHSA-2020:5341 vulnerabilities?
It is not safe to ignore RHSA-2020:5341 vulnerabilities as they can lead to serious security breaches in JBoss applications.
Where can I find more information about RHSA-2020:5341?
More information about RHSA-2020:5341 can be found in the Red Hat advisory documentation.

agent/severity
agent/type
agent/first-publish-date
agent/last-modified-date
agent/softwarecombine
agent/remedy
agent/weakness
agent/title
agent/description
collector/redhat-errata
source/Red Hat
anchor-id/RHSA-2020:5341
agent/software-canonical-lookup
agent/references
agent/tags
agent/event
agent/source
package-manager/redhat