Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2022-5892.NASL
HistoryAug 04, 2022 - 12:00 a.m.

RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.6 Security update (Moderate) (RHSA-2022:5892)

2022-08-0400:00:00
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
28

8.8 High

AI Score

Confidence

Low

JSON

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5892 advisory.

  • minimist: prototype pollution (CVE-2021-44906)

  • netty: world readable temporary file containing sensitive data (CVE-2022-24823)

  • com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson (CVE-2022-25647)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2022:5892. The text
# itself is copyright (C) Red Hat, Inc.
##

include('compat.inc');

if (description)
{
  script_id(163796);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/28");

  script_cve_id("CVE-2021-44906", "CVE-2022-24823", "CVE-2022-25647");
  script_xref(name:"RHSA", value:"2022:5892");

  script_name(english:"RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.6 Security update (Moderate) (RHSA-2022:5892)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2022:5892 advisory.

  - minimist: prototype pollution (CVE-2021-44906)

  - netty: world readable temporary file containing sensitive data (CVE-2022-24823)

  - com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson (CVE-2022-25647)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?327e7d12");
  # https://access.redhat.com/security/data/csaf/v2/advisories/2022/rhsa-2022_5892.json
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4433e6b2");
  # https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?95a15247");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#moderate");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2022:5892");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2066009");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2080850");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2087186");
  script_set_attribute(attribute:"see_also", value:"https://issues.redhat.com/browse/JBEAP-17119");
  script_set_attribute(attribute:"see_also", value:"https://issues.redhat.com/browse/JBEAP-23344");
  script_set_attribute(attribute:"see_also", value:"https://issues.redhat.com/browse/JBEAP-23360");
  script_set_attribute(attribute:"see_also", value:"https://issues.redhat.com/browse/JBEAP-23444");
  script_set_attribute(attribute:"see_also", value:"https://issues.redhat.com/browse/JBEAP-23492");
  script_set_attribute(attribute:"see_also", value:"https://issues.redhat.com/browse/JBEAP-23526");
  script_set_attribute(attribute:"see_also", value:"https://issues.redhat.com/browse/JBEAP-23528");
  script_set_attribute(attribute:"see_also", value:"https://issues.redhat.com/browse/JBEAP-23546");
  script_set_attribute(attribute:"see_also", value:"https://issues.redhat.com/browse/JBEAP-23550");
  script_set_attribute(attribute:"see_also", value:"https://issues.redhat.com/browse/JBEAP-23551");
  script_set_attribute(attribute:"see_also", value:"https://issues.redhat.com/browse/JBEAP-23554");
  script_set_attribute(attribute:"see_also", value:"https://issues.redhat.com/browse/JBEAP-23556");
  script_set_attribute(attribute:"see_also", value:"https://issues.redhat.com/browse/JBEAP-23557");
  script_set_attribute(attribute:"see_also", value:"https://issues.redhat.com/browse/JBEAP-23559");
  script_set_attribute(attribute:"see_also", value:"https://issues.redhat.com/browse/JBEAP-23561");
  script_set_attribute(attribute:"see_also", value:"https://issues.redhat.com/browse/JBEAP-23566");
  script_set_attribute(attribute:"see_also", value:"https://issues.redhat.com/browse/JBEAP-23571");
  script_set_attribute(attribute:"see_also", value:"https://issues.redhat.com/browse/JBEAP-23626");
  script_set_attribute(attribute:"see_also", value:"https://issues.redhat.com/browse/JBEAP-23659");
  script_set_attribute(attribute:"see_also", value:"https://issues.redhat.com/browse/JBEAP-23671");
  script_set_attribute(attribute:"see_also", value:"https://issues.redhat.com/browse/JBEAP-23686");
  script_set_attribute(attribute:"see_also", value:"https://issues.redhat.com/browse/JBEAP-23726");
  script_set_attribute(attribute:"see_also", value:"https://issues.redhat.com/browse/JBEAP-23728");
  script_set_attribute(attribute:"see_also", value:"https://issues.redhat.com/browse/JBEAP-23806");
  script_set_attribute(attribute:"see_also", value:"https://issues.redhat.com/browse/JBEAP-23807");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-44906");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(379, 502, 1321);
  script_set_attribute(attribute:"vendor_severity", value:"Moderate");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/03/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/08/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/08/04");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-gson");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-hal-console");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-netty");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-netty-all");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-netty-buffer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-dns");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-haproxy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-http");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-http2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-memcache");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-mqtt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-redis");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-smtp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-socks");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-stomp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-xml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-netty-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-netty-handler");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-netty-handler-proxy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-netty-resolver");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-netty-resolver-dns");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-netty-resolver-dns-classes-macos");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-classes-epoll");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-classes-kqueue");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-native-unix-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-rxtx");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-sctp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:eap7-netty-transport-udt");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');
include('rhel.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);

var constraints = [
  {
    'repo_relative_urls': [
      'content/dist/rhel/server/7/7Server/x86_64/jbeap/7.4/debug',
      'content/dist/rhel/server/7/7Server/x86_64/jbeap/7.4/os',
      'content/dist/rhel/server/7/7Server/x86_64/jbeap/7.4/source/SRPMS'
    ],
    'pkgs': [
      {'reference':'eap7-gson-2.8.9-1.redhat_00001.1.el7eap', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7', 'cves':['CVE-2022-25647']},
      {'reference':'eap7-hal-console-3.3.13-1.Final_redhat_00001.1.el7eap', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7', 'cves':['CVE-2021-44906']},
      {'reference':'eap7-netty-4.1.77-1.Final_redhat_00001.1.el7eap', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7', 'cves':['CVE-2022-24823']},
      {'reference':'eap7-netty-all-4.1.77-1.Final_redhat_00001.1.el7eap', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7', 'cves':['CVE-2022-24823']},
      {'reference':'eap7-netty-buffer-4.1.77-1.Final_redhat_00001.1.el7eap', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7', 'cves':['CVE-2022-24823']},
      {'reference':'eap7-netty-codec-4.1.77-1.Final_redhat_00001.1.el7eap', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7', 'cves':['CVE-2022-24823']},
      {'reference':'eap7-netty-codec-dns-4.1.77-1.Final_redhat_00001.1.el7eap', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7', 'cves':['CVE-2022-24823']},
      {'reference':'eap7-netty-codec-haproxy-4.1.77-1.Final_redhat_00001.1.el7eap', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7', 'cves':['CVE-2022-24823']},
      {'reference':'eap7-netty-codec-http-4.1.77-1.Final_redhat_00001.1.el7eap', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7', 'cves':['CVE-2022-24823']},
      {'reference':'eap7-netty-codec-http2-4.1.77-1.Final_redhat_00001.1.el7eap', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7', 'cves':['CVE-2022-24823']},
      {'reference':'eap7-netty-codec-memcache-4.1.77-1.Final_redhat_00001.1.el7eap', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7', 'cves':['CVE-2022-24823']},
      {'reference':'eap7-netty-codec-mqtt-4.1.77-1.Final_redhat_00001.1.el7eap', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7', 'cves':['CVE-2022-24823']},
      {'reference':'eap7-netty-codec-redis-4.1.77-1.Final_redhat_00001.1.el7eap', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7', 'cves':['CVE-2022-24823']},
      {'reference':'eap7-netty-codec-smtp-4.1.77-1.Final_redhat_00001.1.el7eap', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7', 'cves':['CVE-2022-24823']},
      {'reference':'eap7-netty-codec-socks-4.1.77-1.Final_redhat_00001.1.el7eap', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7', 'cves':['CVE-2022-24823']},
      {'reference':'eap7-netty-codec-stomp-4.1.77-1.Final_redhat_00001.1.el7eap', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7', 'cves':['CVE-2022-24823']},
      {'reference':'eap7-netty-codec-xml-4.1.77-1.Final_redhat_00001.1.el7eap', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7', 'cves':['CVE-2022-24823']},
      {'reference':'eap7-netty-common-4.1.77-1.Final_redhat_00001.1.el7eap', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7', 'cves':['CVE-2022-24823']},
      {'reference':'eap7-netty-handler-4.1.77-1.Final_redhat_00001.1.el7eap', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7', 'cves':['CVE-2022-24823']},
      {'reference':'eap7-netty-handler-proxy-4.1.77-1.Final_redhat_00001.1.el7eap', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7', 'cves':['CVE-2022-24823']},
      {'reference':'eap7-netty-resolver-4.1.77-1.Final_redhat_00001.1.el7eap', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7', 'cves':['CVE-2022-24823']},
      {'reference':'eap7-netty-resolver-dns-4.1.77-1.Final_redhat_00001.1.el7eap', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7', 'cves':['CVE-2022-24823']},
      {'reference':'eap7-netty-resolver-dns-classes-macos-4.1.77-1.Final_redhat_00001.1.el7eap', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7', 'cves':['CVE-2022-24823']},
      {'reference':'eap7-netty-transport-4.1.77-1.Final_redhat_00001.1.el7eap', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7', 'cves':['CVE-2022-24823']},
      {'reference':'eap7-netty-transport-classes-epoll-4.1.77-1.Final_redhat_00001.1.el7eap', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7', 'cves':['CVE-2022-24823']},
      {'reference':'eap7-netty-transport-classes-kqueue-4.1.77-1.Final_redhat_00001.1.el7eap', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7', 'cves':['CVE-2022-24823']},
      {'reference':'eap7-netty-transport-native-unix-common-4.1.77-1.Final_redhat_00001.1.el7eap', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7', 'cves':['CVE-2022-24823']},
      {'reference':'eap7-netty-transport-rxtx-4.1.77-1.Final_redhat_00001.1.el7eap', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7', 'cves':['CVE-2022-24823']},
      {'reference':'eap7-netty-transport-sctp-4.1.77-1.Final_redhat_00001.1.el7eap', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7', 'cves':['CVE-2022-24823']},
      {'reference':'eap7-netty-transport-udt-4.1.77-1.Final_redhat_00001.1.el7eap', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'eap7', 'cves':['CVE-2022-24823']}
    ]
  }
];

var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);

var flag = 0;
foreach var constraint_array ( constraints ) {
  var repo_relative_urls = NULL;
  if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
  foreach var pkg ( constraint_array['pkgs'] ) {
    var reference = NULL;
    var _release = NULL;
    var sp = NULL;
    var _cpu = NULL;
    var el_string = NULL;
    var rpm_spec_vers_cmp = NULL;
    var epoch = NULL;
    var allowmaj = NULL;
    var exists_check = NULL;
    var cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        _release &&
        rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
        (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
        rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  var extra = NULL;
  if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
  else extra = rpm_report_get();
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : extra
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'eap7-gson / eap7-hal-console / eap7-netty / eap7-netty-all / etc');
}
VendorProductVersionCPE
redhatenterprise_linux7cpe:/o:redhat:enterprise_linux:7
redhatenterprise_linuxeap7-gsonp-cpe:/a:redhat:enterprise_linux:eap7-gson
redhatenterprise_linuxeap7-hal-consolep-cpe:/a:redhat:enterprise_linux:eap7-hal-console
redhatenterprise_linuxeap7-nettyp-cpe:/a:redhat:enterprise_linux:eap7-netty
redhatenterprise_linuxeap7-netty-allp-cpe:/a:redhat:enterprise_linux:eap7-netty-all
redhatenterprise_linuxeap7-netty-bufferp-cpe:/a:redhat:enterprise_linux:eap7-netty-buffer
redhatenterprise_linuxeap7-netty-codecp-cpe:/a:redhat:enterprise_linux:eap7-netty-codec
redhatenterprise_linuxeap7-netty-codec-dnsp-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-dns
redhatenterprise_linuxeap7-netty-codec-haproxyp-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-haproxy
redhatenterprise_linuxeap7-netty-codec-httpp-cpe:/a:redhat:enterprise_linux:eap7-netty-codec-http
Rows per page:
1-10 of 311

References

Related

nessus 43
redhat 25
ibm 48
ubuntucve 3
prion 3
cgr 2
veracode 3
githubexploit 1
debiancve 3
redos 1
cve 3
cvelist 3
osv 13
github 3
mageia 2
openvas 18
f5 1
atlassian 3
debian 1
broadcom 2
wolfi 1
alpinelinux 1
redhatcve 3
thn 2
rocky 3
almalinux 3
oraclelinux 2
hivepro 1
freebsd 1
checkpoint_advisories 1
nessus
nessus
RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.6 Security update (Moderate) (RHSA-2022:5893)
2022-08-04 00:00:00
RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.6 Security update. (Moderate) (RHSA-2022:5894)
2022-08-08 00:00:00
Oracle Coherence Unauthorized Access (Oct 2022 CPU)
2022-10-21 00:00:00
redhat
redhat
(RHSA-2022:5928) Moderate: Red Hat JBoss Enterprise Application Platform 7.4.6 Security update
2022-08-08 19:39:55
(RHSA-2022:5893) Moderate: Red Hat JBoss Enterprise Application Platform 7.4.6 Security update
2022-08-03 15:36:29
(RHSA-2022:5894) Moderate: Red Hat JBoss Enterprise Application Platform 7.4.6 Security update.
2022-08-03 15:37:48
ibm
ibm
Security Bulletin: There is a vulnerability in Netty used by IBM Maximo Asset Management ( CVE-2022-24823)
2023-09-07 17:06:38
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Netty information disclosure (CVE-2022-24823)
2022-08-30 18:16:54
Security Bulletin: IBM Cognos Analytics has addressed a vulnerability (CVE-2021-44906)
2023-07-27 21:13:11
ubuntucve
ubuntucve
CVE-2021-44906
2022-03-17 00:00:00
CVE-2022-25647
2022-05-01 00:00:00
CVE-2022-24823
2022-05-06 00:00:00
prion
prion
Code injection
2022-03-17 16:15:00
Deserialization of untrusted data
2022-05-01 16:15:00
Information disclosure
2022-05-06 12:15:00
cgr
cgr
CVE-2022-24823 vulnerabilities
2024-05-19 03:07:16
CVE-2022-25647 vulnerabilities
2024-05-19 03:07:16
veracode
veracode
Prototype Pollution
2022-03-18 02:42:04
Denial Of Service (DoS)
2022-05-04 14:43:44
Information Disclosure
2022-05-09 05:01:24
githubexploit
githubexploit
Exploit for Prototype Pollution in Substack Minimist
2023-10-02 15:20:35
debiancve
debiancve
CVE-2021-44906
2022-03-17 16:15:00
CVE-2022-25647
2022-05-01 16:15:00
CVE-2022-24823
2022-05-06 12:15:00
redos
redos
ROS-20240507-05
2024-05-07 00:00:00
cve
cve
CVE-2021-44906
2022-03-17 16:15:00
CVE-2022-25647
2022-05-01 16:15:00
CVE-2022-24823
2022-05-06 12:15:00
cvelist
cvelist
CVE-2021-44906
2022-03-17 13:05:57
CVE-2022-25647 Deserialization of Untrusted Data
2022-05-01 00:00:00
CVE-2022-24823 Local Information Disclosure Vulnerability in io.netty:netty-codec-http
2022-05-06 12:05:11
osv
osv
Prototype Pollution in minimist
2022-03-18 00:01:09
Deserialization of Untrusted Data in Gson
2022-05-03 00:00:44
CVE-2022-25647
2022-05-01 16:15:08
github
github
Prototype Pollution in minimist
2022-03-18 00:01:09
Deserialization of Untrusted Data in Gson
2022-05-03 00:00:44
Local Information Disclosure Vulnerability in io.netty:netty-codec-http
2022-05-10 08:46:50
mageia
mageia
Updated nodejs-minimist packages fix security vulnerability
2023-02-07 03:06:39
Updated google-gson packages fix security vulnerability
2022-09-21 21:15:27
openvas
openvas
Mageia: Security Advisory (MGASA-2023-0035)
2023-03-28 00:00:00
Debian: Security Advisory (DLA-3001-1)
2022-05-14 00:00:00
Mageia: Security Advisory (MGASA-2022-0340)
2022-09-22 00:00:00
f5
f5
K00994461 : GSON vulnerability CVE-2022-25647
2022-08-29 00:00:00
atlassian
atlassian
com.google.code.gson Vulnerability in Bitbucket Data Center and Server
2023-10-04 19:45:55
Third-Party Dependency Vulnerability in Jira Service Management Data Center and Server
2023-08-17 00:00:56
DoS (Denial of Service) com.google.code.gson:gson in Jira Software Data Center and Server
2023-11-12 13:45:35
debian
debian
[SECURITY] [DSA 5227-1] libgoogle-gson-java security update
2022-09-07 10:22:18
broadcom
broadcom
The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization
2023-08-29 00:00:00
Oracle Java SE Multiple Vulnerabilities (July 2022 CPU update) CVE-2022-21540 CVE-2022-21541 CVE-2022-21549 CVE-2022-25647 CVE-2022-34169
2023-08-29 00:00:00
wolfi
wolfi
CVE-2022-25647 vulnerabilities
2024-06-02 22:01:16
alpinelinux
alpinelinux
CVE-2022-25647
2022-05-01 16:15:00
redhatcve
redhatcve
CVE-2022-25647
2022-05-02 07:38:06
CVE-2022-24823
2022-05-17 15:01:10
CVE-2021-44906
2022-03-19 23:40:42
thn
thn
Solving the indirect vulnerability enigma - fixing indirect vulnerabilities without breaking your dependency tree
2022-07-01 09:45:00
High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server
2023-09-22 08:00:00
rocky
rocky
nodejs and nodejs-nodemon security, bug fix, and enhancement update
2023-01-23 14:30:11
nodejs:14 security, bug fix, and enhancement update
2023-01-09 14:24:14
nodejs:16 security, bug fix, and enhancement update
2022-12-15 15:42:25
almalinux
almalinux
Moderate: nodejs and nodejs-nodemon security, bug fix, and enhancement update
2023-01-23 00:00:00
Moderate: nodejs:14 security, bug fix, and enhancement update
2023-01-09 00:00:00
Moderate: nodejs:16 security, bug fix, and enhancement update
2022-12-15 00:00:00
oraclelinux
oraclelinux
nodejs and nodejs-nodemon security, bug fix, and enhancement update
2023-01-24 00:00:00
nodejs:14 security, bug fix, and enhancement update
2023-01-09 00:00:00
hivepro
hivepro
Critical Security Vulnerabilities Discovered in Atlassian Products
2023-09-27 10:22:43
freebsd
freebsd
cassandra3 -- multiple vulnerabilities
2023-01-11 00:00:00
checkpoint_advisories
checkpoint_advisories
JavaScript Prototype Pollution (CVE-2020-28269; CVE-2020-28272; CVE-2020-28273; CVE-2020-28442; CVE-2020-28458; CVE-2020-28472; CVE-2020-7778; CVE-2020-8158; CVE-2020-8203; CVE-2021-25912; CVE-2021-44906)
2020-06-21 00:00:00

8.8 High

AI Score

Confidence

Low

JSON
Related for REDHAT-RHSA-2022-5892.NASL
nessus43redhat25ibm48ubuntucve3prion3cgr2veracode3githubexploit1debiancve3redos1cve3cvelist3osv13github3mageia2openvas18f51atlassian3debian1broadcom2wolfi1alpinelinux1redhatcve3thn2rocky3almalinux3oraclelinux2hivepro1freebsd1checkpoint_advisories1