RHV manager packages are installed on Host resulting in Vulnerabilities
Issue
- Below Vulnerabilities are reported for RHVH :
CVE Vulnerability name
------------------------------------------------------------------------------------------------------------------
CVE-2019-10744,CVE-2019-11358,CVE-2019-8331 RHEL 7 : Virtualization Manager (RHSA-2019:3024)
CVE-2018-1002105,CVE-2018-14632 RHEL 7 : OpenShift Container Platform 3.9 (RHSA-2018:2908)
CVE-2018-1114,CVE-2018-7489 RHEL 7 : JBoss EAP (RHSA-2018:2089)
CVE-2018-1072,CVE-2018-1075 RHEL 7 : Virtualization Manager (RHSA-2018:2071)
CVE-2016-5003 RHEL 7 : xmlrpc (RHSA-2018:1780)
CVE-2018-1047,CVE-2018-1067,CVE-2018-8088 RHEL 7 : JBoss EAP (RHSA-2018:1247)
CVE-2019-10086 RHEL 7 : apache-commons-beanutils (RHSA-2020:0194)
CVE-2018-10934,CVE-2018-14642,CVE-2018-1000632 RHEL 7 : JBoss EAP (RHSA-2019:0365)
CVE-2018-10862,CVE-2018-8039 RHEL 6 / 7 : JBoss EAP (RHSA-2018:2276)
CVE-2019-19336 RHEL 7 : Red Hat Virtualization Engine (RHSA-2020:0498)
CVE-2019-10194 RHEL 7 : Virtualization Manager (RHSA-2019:2499)
CVE-2017-2582 RHEL 7 : JBoss EAP (RHSA-2019:0137)
CVE-2018-14627 RHEL 7 : JBoss EAP (RHSA-2018:3528)
CVE-2018-3639 RHEL 7 : Virtualization Manager (RHSA-2018:1676) (Spectre)
CVE-2021-4104 Apache Log4j 1.2 JMSAppender Remote Code Execution (CVE-2021-4104)
CVE-2019-17571,CVE-2020-9488,CVE-2022-23302,CVE-2022-23305 Apache Log4j 1.x Multiple Vulnerabilities
,CVE-2022-23307
CVE-2017-12624,CVE-2018-1000180,CVE-2018-10237,CVE-2018-10862RHEL 7 : JBoss EAP (RHSA-2018:2424)
,CVE-2018-8039
CVE-2019-10086,CVE-2019-17195 RHEL 7 : Red Hat Virtualization Engine security, bug fix 4.3.9 (Low) (RHSA-2020:1308)
Environment
- Red Hat Virtualization 4.x
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.