CVE-2022-4492 - Redhat Migration Toolkit For Runtimes, Redhat Build Of Quarkus and Redhat Single Sign-on

Critical 9.8

The Undertow client is not checking the server identity presented by the server certificate in HTTPS connections. This is a compulsory step (at least it should be performed by default) in HTTPS and in HTTP/2. I would add it to any TLS client protocol.
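The missing check described above can be seen at the JSSE level, shown here as an added example that is not Undertow's code or the fix that was shipped. A client `SSLEngine` validates the certificate chain but does not match the certificate against the host name unless an endpoint identification algorithm is set. The class name, method names and the host `example.test` are assumptions made for the illustration.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

// Added illustration: hypothetical class, standard JSSE calls only.
public class ServerIdentityCheck {

    // Build a client-mode engine that matches the certificate's
    // subjectAltName/CN against the host (RFC 2818 style check).
    static SSLEngine verifiedClientEngine(SSLContext ctx, String host, int port) {
        // The peer host passed here is the name the certificate is matched against.
        SSLEngine engine = ctx.createSSLEngine(host, port);
        engine.setUseClientMode(true);
        // getSSLParameters() returns a copy, so it must be set back.
        SSLParameters params = engine.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(params);
        return engine;
    }

    // Guard a client can run before starting the handshake: refuse to
    // use an engine that would skip server identity verification.
    static boolean verifiesServerIdentity(SSLEngine engine) {
        String alg = engine.getSSLParameters().getEndpointIdentificationAlgorithm();
        return alg != null && !alg.isEmpty();
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();

        // JSSE default: chain validation only, no host name match.
        SSLEngine bare = ctx.createSSLEngine("example.test", 443); // constructed host
        bare.setUseClientMode(true);
        System.out.println("default engine verifies identity:  "
                + verifiesServerIdentity(bare));

        SSLEngine checked = verifiedClientEngine(ctx, "example.test", 443);
        System.out.println("hardened engine verifies identity: "
                + verifiesServerIdentity(checked));
    }
}
```

With the algorithm set, the JDK's default trust manager fails the handshake when the certificate does not name the host the client asked for, even if the chain itself is trusted.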

Affected software

Redhat Migration Toolkit For Runtimes

Redhat Build Of Quarkus

Redhat Single Sign-on

Redhat Jboss Fuse

Redhat Integration Camel For Spring Boot

Redhat Integration Camel K

Redhat Integration Service Registry

Redhat Undertow

Redhat Migration Toolkit For Applications

Redhat Jboss Enterprise Application Platform
