{"id":"RHSA-2022:5555","summary":"Red Hat Security Advisory: RHV Manager (ovirt-engine) [ovirt-4.5.1] security, bug fix and update","modified":"2026-04-02T10:02:27Z","published":"2024-09-20T15:11:25Z","upstream":["CVE-2021-22096","CVE-2021-33623","CVE-2021-35515","CVE-2021-35516","CVE-2021-35517","CVE-2021-36090","CVE-2021-3807","CVE-2022-22950","CVE-2022-31051"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2022:5555"},{"type":"ARTICLE","url":"https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes"},{"type":"ARTICLE","url":"https://access.redhat.com/security/updates/classification/#moderate"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1663217"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1782077"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1849045"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1852308"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1958032"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966615"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1976607"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1981895"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1981900"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1981903"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1981909"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1994144"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2001574"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2001923"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2006625"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2007557"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2030293"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2068270"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2069414"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2070045"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2072626"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2081241"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2081559"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2089856"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2092885"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2093795"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2097414"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2099650"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2105296"},{"type":"ADVISORY","url":"https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_5555.json"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2021-3807"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2021-3807"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3807"},{"type":"ARTICLE","url":"https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2021-22096"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2034584"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2021-22096"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22096"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2021-33623"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2021-33623"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33623"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2021-35515"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2021-35515"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-35515"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2021/07/13/1"},{"type":"ARTICLE","url":"https://commons.apache.org/proper/commons-compress/security-reports.html"},{"type":"ARTICLE","url":"https://lists.apache.org/thread.html/r19ebfd71770ec0617a9ea180e321ef927b3fefb4c81ec5d1902d20ab%40%3Cuser.commons.apache.org%3E"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2021-35516"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2021-35516"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-35516"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2021/07/13/2"},{"type":"ARTICLE","url":"https://lists.apache.org/thread.html/rf68442d67eb166f4b6cf0bbbe6c7f99098c12954f37332073c9822ca%40%3Cuser.commons.apache.org%3E"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2021-35517"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2021-35517"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-35517"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2021/07/13/3"},{"type":"ARTICLE","url":"https://lists.apache.org/thread.html/r605d906b710b95f1bbe0036a53ac6968f667f2c249b6fbabada9a940%40%3Cuser.commons.apache.org%3E"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2021-36090"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2021-36090"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-36090"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2021/07/13/4"},{"type":"ARTICLE","url":"https://lists.apache.org/thread.html/rc4134026d7d7b053d4f9f2205531122732405012c8804fd850a9b26f%40%3Cuser.commons.apache.org%3E"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-22950"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2022-22950"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-22950"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-31051"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2022-31051"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31051"},{"type":"ARTICLE","url":"https://github.com/semantic-release/semantic-release/security/advisories/GHSA-x2pg-mjhr-2m5x"}],"affected":[{"package":{"name":"ovirt-web-ui","ecosystem":"Red Hat:rhev_manager:4.4:el8","purl":"pkg:rpm/redhat/ovirt-web-ui"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.9.0-1.el8ev"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2022:5555.json"}},{"package":{"name":"ovirt-dependencies","ecosystem":"Red Hat:rhev_manager:4.4:el8","purl":"pkg:rpm/redhat/ovirt-dependencies"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.5.2-1.el8ev"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2022:5555.json"}},{"package":{"name":"apache-commons-compress","ecosystem":"Red Hat:rhev_manager:4.4:el8","purl":"pkg:rpm/redhat/apache-commons-compress"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.21-1.2.el8ev"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2022:5555.json"}},{"package":{"name":"apache-commons-compress-javadoc","ecosystem":"Red Hat:rhev_manager:4.4:el8","purl":"pkg:rpm/redhat/apache-commons-compress-javadoc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.21-1.2.el8ev"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2022:5555.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}