David Jorm

**Name of the Vulnerable Software and Affected Versions** JBoss AS 7 versions prior to 7.1.1 **Description** The issue arises from the different handling of default hostname by JBoss AS 7 and mod cluster, leading to a mismatch in the excluded-contexts list and potentially exposing the root context. **Recommendations** For JBoss AS 7 versions prior to 7.1.1, update to version 7.1.1 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Nuxeo Platform versions 5.6.0 through 5.6.0 before HF27 Nuxeo Platform versions 5.8.0 through 5.8.0 before HF-01 Description: The issue allows remote attackers to execute arbitrary code via crafted serialized data because the RichFaces implementation does not restrict the classes for which deserialization methods can be called. Recommendations: For Nuxeo Platform versions 5.6.0 through 5.6.0 before HF27, apply Hotfix 27 to resolve the issue. For Nuxeo Platform versions 5.8.0 through 5.8.0 before HF-01, apply Hotfix 01 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Restlet version 1.1.10 **Description** An XML eXternal Entity (XXE) issue exists in an endpoint using XML transport, which lets a remote attacker obtain sensitive information. **Recommendations** For Restlet version 1.1.10, consider disabling the XML transport endpoint temporarily as a mitigation measure until a patch is available. Restrict access to the endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JBossWeb (affected versions not specified) **Description** The issue is related to reflected XSS in JBossWeb Bayeux. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zanata versions 3.0.0 through 3.1.2 **Description** The issue is related to Remote Code Execution (RCE) due to EL interpolation in logging. **Recommendations** For versions 3.0.0 through 3.1.2, update to a version that fixes the EL interpolation issue in logging to prevent RCE.

**Name of the Vulnerable Software and Affected Versions** ManageIQ EVM (affected versions not specified) **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JBoss Operations Network versions prior to 2.3.1 **Description** A missing permission check was found in The CLI in JBoss Operations Network, which does not properly check permissions. This allows JBoss ON users to perform management tasks and configuration changes with the privileges of the administrator user. **Recommendations** For versions prior to 2.3.1, update to version 2.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the CLI to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ManageIQ Enterprise Virtualization Manager (EVM) (affected versions not specified) **Description** A cross-site request forgery (CSRF) issue allows remote attackers to hijack user authentication for requests with unspecified impact. The exact vectors used for this exploitation are not specified. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Hawt.io (affected versions not specified) Description: The issue concerns the admin terminal in Hawt.io, which does not require authentication. This allows remote attackers to execute arbitrary commands via the `k` parameter. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Play versions prior to 2.2.6 Play versions 2.3.x prior to 2.3.5 Description: The issue is related to an XML external entity (XXE) vulnerability in the Java XML processing functionality. This might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data. Recommendations: For Play versions prior to 2.2.6, update to version 2.2.6 or later. For Play versions 2.3.x prior to 2.3.5, update to version 2.3.5 or later.

**Name of the Vulnerable Software and Affected Versions** Opendaylight versions prior to Helium SR3 **Description** The issue concerns the custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight. This realm will authenticate any username and password combination, indicating a significant security flaw. **Recommendations** For versions prior to Helium SR3, update to Helium SR3 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Ambari versions 1.2.0 through 2.2.2 Description: The issue allows for the potential execution of arbitrary system commands on the Ambari Server host during the generation of SSL certificates for hosts in an Ambari cluster. Recommendations: For Ambari versions 1.2.0 through 2.2.2, update to a version that contains a fix for this issue to prevent the execution of arbitrary system commands.

**Name of the Vulnerable Software and Affected Versions** Red Hat JBoss BPM Suite versions prior to 6.1.2 **Description** The issue is related to an XML external entity (XXE) vulnerability in the dashbuilder import facility. This vulnerability allows remote attackers to read arbitrary files, conduct server-side request forgery (SSRF) attacks, and potentially have other unspecified impacts by providing a crafted XML document. **Recommendations** For versions prior to 6.1.2, update to version 6.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the ImportManagerImpl class in the org.jboss.dashboard.export package to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Spring Framework versions 3.0.0 through 3.2.8 Spring Framework versions 4.0.0 through 4.0.4 Description: The issue arises when processing user-provided XML documents, as the Spring Framework did not disable by default the resolution of URI references in a DTD declaration, enabling an XXE attack. Recommendations: For Spring Framework versions 3.0.0 through 3.2.8, disable the resolution of URI references in DTD declarations to prevent XXE attacks. For Spring Framework versions 4.0.0 through 4.0.4, disable the resolution of URI references in DTD declarations to prevent XXE attacks.

**Name of the Vulnerable Software and Affected Versions** Teiid versions prior to 8.4.3 Teiid versions prior to 8.7 Red Hat JBoss Data Virtualization 6.0.0 before patch 3 **Description** The issue allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an XML External Entity (XXE) issue. This means that an attacker can potentially access sensitive files on the system by exploiting this weakness. **Recommendations** For Teiid versions prior to 8.4.3, update to version 8.4.3 or later. For Teiid versions prior to 8.7, update to version 8.7 or later. For Red Hat JBoss Data Virtualization 6.0.0, apply patch 3 or later.

**Name of the Vulnerable Software and Affected Versions** oVirt versions 3.4 **Description** The issue is related to an XML External Entity (XXE) problem in the REST API of the ovirt-engine in oVirt. This allows remote authenticated users to read arbitrary files and potentially have other impacts via unknown vectors. **Recommendations** For version 3.4, consider restricting access to the REST API until a fix is available. As a temporary workaround, avoid using the API for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Red Hat JBoss Operations Network (JON) versions prior to 2.4.2 **Description** The issue is related to the improper enforcement of "modify resource" permissions for remote authenticated users. Specifically, when a remote authenticated user deletes a plug-in configuration update from the group connection properties history, the activity is not recorded in the audit trail. **Recommendations** For versions prior to 2.4.2, update to version 2.4.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Red Hat JBoss Operations Network (JON) versions prior to 3.0.1 **Description** The issue allows local users to read or modify subdirectories and files within the root directory due to the use of 0777 permissions when installing a remote client. This could potentially allow users to obtain JON credentials. **Recommendations** For versions prior to 3.0.1, update to version 3.0.1 or later to resolve the issue. As a temporary workaround, consider changing the permissions of the root directory to a more restrictive setting to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Red Hat JBoss Operations Network (JON) versions prior to 2.4.2 Red Hat JBoss Operations Network (JON) versions 3.0.x prior to 3.0.1 **Description** The issue allows remote attackers to hijack agent sessions via an agent registration request without a security token. **Recommendations** For versions prior to 2.4.2, update to version 2.4.2 or later. For versions 3.0.x prior to 3.0.1, update to version 3.0.1 or later.

**Name of the Vulnerable Software and Affected Versions** Red Hat JBoss Operations Network (JON) versions 2.4.2 and earlier, 3.0.x before 3.0.1 **Description** The issue allows remote attackers to login to LDAP-based accounts via an arbitrary password in a login request when LDAP authentication is enabled and the LDAP bind account credentials are invalid. **Recommendations** For versions 2.4.2 and earlier, update to version 2.4.2 or later to resolve the issue. For versions 3.0.x before 3.0.1, update to version 3.0.1 or later to resolve the issue. As a temporary workaround, consider disabling LDAP authentication until a patch is available.