What is RHSA-2020:3779?

RHSA-2020:3779 is a security advisory published by Red Hat Product Security with High severity. Red Hat Security Advisory: Red Hat Data Grid 7.3.7 security update

Which CVE IDs does RHSA-2020:3779 cover?

RHSA-2020:3779 covers the following CVE IDs: CVE-2017-7657, CVE-2017-7658, CVE-2020-1695, CVE-2020-9546, CVE-2020-1710, CVE-2020-1745, CVE-2020-8840, CVE-2020-10672, CVE-2020-11111, CVE-2020-9488, CVE-2020-9547, CVE-2020-10968, CVE-2020-10969, CVE-2020-11112, CVE-2020-11113, CVE-2020-11612, CVE-2020-11620, CVE-2019-10172, CVE-2020-1719, CVE-2020-1748, CVE-2020-1757, CVE-2020-9548, CVE-2020-10673, CVE-2020-10714, CVE-2020-11619, CVE-2017-7656. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of RHSA-2020:3779?

RHSA-2020:3779 has a CVSS v3 base score of 9.8, published by Red Hat Product Security.

RHSA-2020:3779HighCVSS 9.8

Red Hat Security Advisory: Red Hat Data Grid 7.3.7 security update

Vendor

Red Hat Product Security

Published

September 17, 2020

Last Modified

May 29, 2026

📋 Description

CVE-2017-7656 — jetty: HTTP request smuggling using the range header CVE-2017-7657 — jetty: HTTP request smuggling CVE-2017-7658 — jetty: Incorrect header handling CVE-2019-10172 — jackson-mapper-asl: XML external entity similar to CVE-2016-3720 CVE-2020-1695 — resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class CVE-2020-1710 — EAP: field-name is not parsed in accordance to RFC7230 CVE-2020-1719 — Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain CVE-2020-1745 — undertow: AJP File Read/Inclusion Vulnerability CVE-2020-1748 — Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain CVE-2020-1757 — undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass CVE-2020-8840 — jackson-databind: Lacks certain xbean-reflect/JNDI blocking CVE-2020-9488 — log4j: improper validation of certificate with host mismatch in SMTP appender CVE-2020-9546 — jackson-databind: Serialization gadgets in shaded-hikari-config CVE-2020-9547 — jackson-databind: Serialization gadgets in ibatis-sqlmap CVE-2020-9548 — jackson-databind: Serialization gadgets in anteros-core CVE-2020-10672 — jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution CVE-2020-10673 — jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution CVE-2020-10714 — wildfly-elytron: session fixation when using FORM authentication CVE-2020-10968 — jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider CVE-2020-10969 — jackson-databind: Serialization gadgets in javax.swing.JEditorPane CVE-2020-11111 — jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory CVE-2020-11112 — jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider CVE-2020-11113 — jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime CVE-2020-11612 — netty: compression/decompression codecs don't enforce limits on buffer allocation sizes CVE-2020-11619 — jackson-databind: Serialization gadgets in org.springframework:spring-aop CVE-2020-11620 — jackson-databind: Serialization gadgets in commons-jelly:commons-jelly

Red Hat Security Advisory: Red Hat Data Grid 7.3.7 security update

🔗 CVE IDs covered (26)

📋 Description

🔗 References (29)