Red Hat Security Advisory 2019-1545-01 - This release of Red Hat Fuse 7.3.1 serves as a replacement for Red Hat Fuse 7.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and deserialization vulnerabilities.
ab4cb414516f95e468f2713be03c38910af951da3e52c9375a4e50d3739697bf
Red Hat Security Advisory 2016-2035-01 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss Fuse 6.3 is a minor product release that updates Red Hat JBoss Fuse 6.2.1, and includes several bug fixes and enhancements.
783d844b4a979957118ea3b2ddd3e8f2ab6d7c6074b85f24619161724330d970
Red Hat Security Advisory 2016-1376-01 - Red Hat JBoss SOA Platform is the next-generation ESB and business process automation infrastructure. Red Hat JBoss SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.
bc0ba25e24a6861d8b1b621296d58137fc8a9bd92ad08063291c68432d9bd996
Red Hat Security Advisory 2016-1135-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems - such as multiple databases, XML files, and even Hadoop systems - appear as a set of tables in a local database. Security Fix: A deserialization flaw allowing remote code execution was found in the BeanShell library. If BeanShell was on the classpath, it could permit code execution if another part of the application deserialized objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the BeanShell library.
f0d10c6351dc1ccb2185e7748a900ce9ee506c454465193932f6e7408d290666
Red Hat Security Advisory 2016-0540-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.2.2 serves as a replacement for Red Hat JBoss BRMS 6.2.1, and includes bug fixes and enhancements, which are documented in the README.txt file included with the patch files. Security Fix: A deserialization flaw allowing remote code execution was found in the BeanShell library. If BeanShell was on the classpath, it could permit code execution if another part of the application deserialized objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the BeanShell library.
665962cdf4a13cefb40da7085a3dc36d59169021a46e32bf03064620138404c6
Red Hat Security Advisory 2016-0539-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.2.2 serves as a replacement for Red Hat JBoss BPM Suite 6.2.1, and includes bug fixes and enhancements, which are documented in the README.txt file included with the patch files. Security Fix: A deserialization flaw allowing remote code execution was found in the BeanShell library. If BeanShell was on the classpath, it could permit code execution if another part of the application deserialized objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the BeanShell library.
28fb3ef69702b9d7f3b33434cb18f2b8b3b0d567bda819e727e091164c8cdec9
Ubuntu Security Notice 2923-1 - Alvaro Munoz and Christian Schneider discovered that BeanShell incorrectly handled deserialization. A remote attacker could possibly use this issue to execute arbitrary code.
3fd51cf31d3027308b2b62ccbdb0574abcbabf1d05ac42351d8f18a0cc8ad81f
Debian Linux Security Advisory 3504-1 - Alvaro Munoz and Christian Schneider discovered that BeanShell, an embeddable Java source interpreter, could be leveraged to execute classpath are vulnerable to this flaw if they deserialize data from an untrusted source.
f4f0e6419ad2b178f01df1e0b64b89a4af27cb4e07b34cf2b61df67612525172