Red Hat Fuse


Recent Red Hat Fuse Security Advisories

| Advisory | Title | Published |
|---|---|---|
| RHSA-2021:5134 | (RHSA-2021:5134) Critical: Red Hat Fuse 7.10.0 release and security update | December 14, 2021 |
| RHSA-2021:3140 | (RHSA-2021:3140) Moderate: Red Hat Fuse 7.9.0 release and security update | August 11, 2021 |
| RHSA-2021:1401 | (RHSA-2021:1401) Moderate: Red Hat Fuse 7.8.1 patch release and security update | April 27, 2021 |

By the Year

In 2022 there have been 0 vulnerabilities in Red Hat Fuse. Fuse did not have any published security vulnerabilities last year.

| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 6.50 |
| 2019 | 2 | 7.15 |
| 2018 | 1 | 8.80 |

It may take a day or so for new Fuse vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Red Hat Fuse Security Vulnerabilities

A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections

CVE-2020-25689 6.5 - Medium - November 02, 2020

A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability.

Memory Leak

It was found that the Syndesis configuration for Cross-Origin Resource Sharing was set to allow all origins

CVE-2019-14860 6.5 - Medium - November 08, 2019

It was found that the Syndesis configuration for Cross-Origin Resource Sharing was set to allow all origins. An attacker could use this lack of protection to conduct phishing attacks and further access unauthorized information.

Improper Input Validation

A specifically crafted Docker image running under the root user

CVE-2019-0204 7.8 - High - March 25, 2019

A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and 1.7.0 to 1.7.1. A malicious actor can therefore gain root-level code execution on the host.

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security

CVE-2018-1258 8.8 - High - May 11, 2018

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.

AuthZ
