The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5894 advisory.

  - minimist: prototype pollution (CVE-2021-44906)

  - netty: world readable temporary file containing sensitive data (CVE-2022-24823)

  - com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson (CVE-2022-25647)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.6 Security update. (Moderate) (RHSA-2022:5894)

critical Nessus Plugin ID 163916

Version 1.7

Version 1.6

Version 1.7 Oct 16, 2023, 2:13 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") CVSSv3 score source (set to "CVE-2021-44906") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202310161413
Version 1.6 Feb 3, 2023, 4:48 AM Logic Changes (Added support for repository relative URLs) Plugin Feed: 202302030448