VDB
RHSA-2023:3954
PUBLISHED
CVSS 3.7 LOW
A minor version update (from 7.11 to 7.12) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Risk Scores
CVSS 3.1
3.7
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Fuse | 7.12 |
Exploit Intelligence
- Demonstration of CVE-2022-31692 authorization bypass in Spring Security (github-poc-repo)
- Vulnerable svg-to-png service (github-poc-repo)
- Moment.js vuln lab (github-poc-repo)
- CVE-2022-46364-Poc Apache CXF SSRF via MTOM XOP:Include (github-poc-repo)
- This vulnerability allows an attacker to perform SSRF (Server-Side Request Forgery) attacks on Apache CXF webservices that accept MTOM/XOP requests. The issue exists in how the href attribute of xop:Include is parsed, allowing arbitrary URLs to be requested by the server. (github-poc-repo)
…and 82 more exploits
Timeline
- Jun 29, 2023 CVE Published
- Dec 17, 2024 CVE Updated
- Apr 3, 2026 Distribution Patch
- Apr 3, 2026 Distribution Patch
- Apr 3, 2026 Security Advisory
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2023:3954
- https://access.redhat.com/security/updates/classification/#critical
- https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.12.0
- https://access.redhat.com/documentation/en-us/red_hat_fuse/7.12/
- https://bugzilla.redhat.com/show_bug.cgi?id=873317
- https://bugzilla.redhat.com/show_bug.cgi?id=1886587
- https://bugzilla.redhat.com/show_bug.cgi?id=2072009
- https://bugzilla.redhat.com/show_bug.cgi?id=2142707
- https://bugzilla.redhat.com/show_bug.cgi?id=2144970
- https://bugzilla.redhat.com/show_bug.cgi?id=2151988
- https://bugzilla.redhat.com/show_bug.cgi?id=2153260
- https://bugzilla.redhat.com/show_bug.cgi?id=2153379
- https://bugzilla.redhat.com/show_bug.cgi?id=2153399
- https://bugzilla.redhat.com/show_bug.cgi?id=2155291
- https://bugzilla.redhat.com/show_bug.cgi?id=2155292
- https://bugzilla.redhat.com/show_bug.cgi?id=2155295
- https://bugzilla.redhat.com/show_bug.cgi?id=2155681
- https://bugzilla.redhat.com/show_bug.cgi?id=2155682
- https://bugzilla.redhat.com/show_bug.cgi?id=2158695
- https://bugzilla.redhat.com/show_bug.cgi?id=2162053
…and 14 more