What is the severity of RHSA-2023:1286?

The severity of RHSA-2023:1286 is critical due to the vulnerabilities it addresses.

How do I fix RHSA-2023:1286?

To fix RHSA-2023:1286, update to the latest version of the affected packages as advised.

What vulnerabilities are addressed in RHSA-2023:1286?

RHSA-2023:1286 addresses a privilege escalation vulnerability in spring-security-oauth2-client and a denial of service issue in xstream.

What is CVE-2022-31690 relevant to RHSA-2023:1286?

CVE-2022-31690 is a privilege escalation vulnerability in spring-security-oauth2-client that is specifically addressed in RHSA-2023:1286.

Is RHSA-2023:1286 applicable to all Migration Toolkit for Runtimes users?

Yes, RHSA-2023:1286 is applicable to all users running affected versions of Migration Toolkit for Runtimes.

Vulnerability/
RHSA-2023:1286

CWE

918

16/3/2023

20/2/2024

RHSA-2023:1286: Important: Migration Toolkit for Runtimes security bug fix and enhancement update

First published: Thu Mar 16 2023(Updated: )

Migration Toolkit for Runtimes 1.0.2 Images<br>Security Fix(es):<br><li> spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client (CVE-2022-31690)</li> <li> xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966)</li> <li> Apache CXF: SSRF Vulnerability (CVE-2022-46364)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Software	Affected Version	How to fix

Never miss a vulnerability like this again

Reference Links

https://access.redhat.com/errata/RHSA-2023:1286 (Advisory)

Frequently Asked Questions

What is the severity of RHSA-2023:1286?
The severity of RHSA-2023:1286 is critical due to the vulnerabilities it addresses.
How do I fix RHSA-2023:1286?
To fix RHSA-2023:1286, update to the latest version of the affected packages as advised.
What vulnerabilities are addressed in RHSA-2023:1286?
RHSA-2023:1286 addresses a privilege escalation vulnerability in spring-security-oauth2-client and a denial of service issue in xstream.
What is CVE-2022-31690 relevant to RHSA-2023:1286?
CVE-2022-31690 is a privilege escalation vulnerability in spring-security-oauth2-client that is specifically addressed in RHSA-2023:1286.
Is RHSA-2023:1286 applicable to all Migration Toolkit for Runtimes users?
Yes, RHSA-2023:1286 is applicable to all users running affected versions of Migration Toolkit for Runtimes.

agent/severity
agent/type
agent/softwarecombine
agent/last-modified-date
agent/first-publish-date
agent/weakness
agent/remedy
agent/title
agent/description
collector/redhat-errata
source/Red Hat
anchor-id/RHSA-2023:1286
agent/references
agent/tags
agent/event
agent/source

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.