RHSA-2021:2210: Moderate: EAP XP 1 security update to CVE fixes in the EAP 7.3.x base

Published Jun 2, 2021
·
Updated

These are CVE issues filed against XP1 releases that have been fixed in the underlying EAP 7.3.x base, so no changes to the EAP XP1 code base.Security Fix(es): velocity: arbitrary code execution when attacker is able to modify templates (CVE-2020-13936) bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible (CVE-2020-28052) jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client (CVE-2020-35510) undertow: Possible regression in fix for CVE-2020-10687 (CVE-2021-20220) wildfly: Information disclosure due to publicly accessible privileged actions in JBoss EJB Client (CVE-2021-20250) netty: Information disclosure via the local system temporary directory (CVE-2021-21290) guava: local information disclosure via temporary directory created with unsafe permissions (CVE-2020-8908) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Software

2 affected components
Red Hat EAP XP 1
Red Hat EAP>=7.3.0<=7.3.x

Remediation

Event History

Jun 2, 2021
Advisory Published
12:00 AM
Data Sourced
12:00 AM
RemedyDescriptionAffected Software
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of RHSA-2021:2210?

The severity of RHSA-2021:2210 is considered high due to the potential for arbitrary code execution.

2

How do I fix RHSA-2021:2210?

To fix RHSA-2021:2210, you should update to the patched version of EAP 7.3.x provided by the vendor.

3

What vulnerabilities are addressed in RHSA-2021:2210?

RHSA-2021:2210 addresses vulnerabilities including CVE-2020-13936 related to arbitrary code execution in Velocity.

4

Who is affected by RHSA-2021:2210?

Risks from RHSA-2021:2210 primarily affect users of EAP XP1 releases that utilize vulnerable templates.

5

Is there a workaround for RHSA-2021:2210?

There are no recommended workarounds for RHSA-2021:2210; updating to the latest version is advised.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203