RHSA-2019:2804: Important: Red Hat JBoss Fuse/A-MQ 6.3 R13 security and bug fix update
Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications.

This patch is an update to Red Hat Fuse 6.3 and Red Hat A-MQ 6.3. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. See the download link given in the references section below.

Security fix(es):
- jolokia: system-wide CSRF that could lead to Remote Code Execution (CVE-2018-10899)
- jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis (CVE-2018-11307)
- jackson-databind: improper polymorphic deserialization of types from Jodd-db library (CVE-2018-12022)
- jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver (CVE-2018-12023)
- jackson-databind: arbitrary code execution in slf4j-ext class (CVE-2018-14718)
- jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes (CVE-2018-14719)
- jackson-databind: improper polymorphic deserialization in axis2-transport-jms class (CVE-2018-19360)
- jackson-databind: improper polymorphic deserialization in openjpa class (CVE-2018-19361)
- jackson-databind: improper polymorphic deserialization in jboss-common-core class (CVE-2018-19362)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Frequently Asked Questions
What is the severity of RHSA-2019:2804?
The severity of RHSA-2019:2804 is categorized as important.
How do I fix the vulnerabilities described in RHSA-2019:2804?
To fix the vulnerabilities in RHSA-2019:2804, you need to apply the available updates for Red Hat Fuse 6.3.
What versions of Red Hat Fuse are affected by RHSA-2019:2804?
RHSA-2019:2804 affects Red Hat Fuse 6.3.
What are the implications of not addressing RHSA-2019:2804?
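Not addressing RHSA-2019:2804 may leave your system exposed to the flaws listed in the advisory, which include a jolokia CSRF that could lead to remote code execution and jackson-databind deserialization issues such as arbitrary code execution and information exfiltration.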
Is there a workaround for the issues in RHSA-2019:2804?
There is no specific workaround mentioned for RHSA-2019:2804, so it is recommended to apply the fix as soon as possible.