Vulnerability scanner issue with CVE-2022-29599 and RHEL 8


Antti Backman

Nov 29, 2022, 1:05:10 AM
to Wazuh mailing list
Hi

We've encountered a peculiar issue with vulnerability detection / scanning of the above CVE. After thorough investigation of the issue we have not been able to identify why Wazuh reports a system to be affected by the CVE.

Our review showed that there's maven related RHSA (4797 and 4798) that deal with the issue in relation to different maven versions 3.6 and 3.5 respectively.

Initially we thought that the issue was with RHEL security patching, but after several rounds of monthly patching and manual 'dnf' / 'yum' checks on reported systems having the CVE active, we deemed that not to be the case. Repository manager does not give any updates for the CVE, hence we cannot do anything for the issue.

One of the challenges in this case is that the maven is bundled with apache packages and not separately installed by the package manager on the servers. Which obviously makes it that much harder to identify.

All the affected servers are running RHEL 8.7 and the particular packages that are reported vulnerable by Wazuh are
Package less than 1.4-7.module+el8.6.0+13337+afcb49ec
Package less than 1.13-3.module+el8.6.0+13337+afcb49ec
Package less than 1:2.6-6.module+el8.6.0+13337+afcb49ec
Package less than 3.9-4.module+el8.6.0+13337+afcb49ec
Package less than 4.5.10-4.module+el8.6.0+13337+afcb49ec
Package less than 4.4.12-3.module+el8.6.0+13337+afcb49ec

Which are affected if the issue is related to RHSA 4797, but according to our investigation we have packages installed that fall under RHSA 4798, for which we have up-to-date packages installed.

We're running on-premise installation in version 4.3.8 on Manager and Agents.

Unfortunately I cannot give any details nor output from the systems as we're running security critical environment for services that cannot be disclosed.

My question is, would it be possible that for whatever reason, the vulnerability scanner cannot differentiate correctly the system setup in relation to the CVE / RHSAs?

We should be able to fix the issue, but as explained we really cannot do anything. And due to the aforementioned reasons our policy is to install packages only from approved repository sources and not to tinker with direct installs of updates (unless utmost importance decided separately).

Thanks for the good product you have, and looking forward to hearing your comments.

BR, Antti

Franco Giovanolli

Nov 30, 2022, 4:25:34 AM
to Wazuh mailing list
Hi Antti, thanks for using Wazuh!

The drawback you mention is interesting. To better support my answer, I'm going to contact the team in charge of developing this Wazuh feature, who will be able to provide more details.

I'll get back to you as soon as possible.

Regards,
Franco.

Antti Backman

Jan 17, 2023, 9:05:11 AM
to Wazuh mailing list
Any updates on this, have your back-end experts been able to look at this? In the meanwhile we've updated to 4.3.10 but same issue persists.

BR,

//Antti

Antti Backman

Feb 13, 2023, 4:48:33 AM
to Wazuh mailing list
Hi Wazuh team

Any news on this, issue is still pending resolution. We've purged and refreshed local vulnerability database but that did not change anything.

Franco Giovanolli

Feb 13, 2023, 5:36:41 AM
to Antti Backman, Wazuh mailing list
Hi Antti,

Sorry for the delay in my reply, I will catch up on the thread and get back to you shortly.

Franco.

Franco Giovanolli

Cloud Team
Wazuh
The Open Source Security Platform

Franco Giovanolli

Feb 13, 2023, 6:53:34 AM
to Antti Backman, Wazuh mailing list
Hi Antti,

According to the feed for RHEL8, the reported vulnerability makes sense, as it appears to have some outdated components.
It appears to be reporting vulnerability CVE-2022-29599, due to some components that do not appear to be up to date and may cause the system to still be affected by this vulnerability.

As far as I have been able to see in the feed, there are some conditions that are not being met, so it appears that the condition is not being met and therefore vulnerable.

The first example I have seen would be the package
apache-commons-cli is older than 0:1.4-7.module+el8.6.0+13337+afcb49ec

So if you want to avoid that vulnerability, it would be necessary to update all components to avoid the conditions shown in the feed to fix the problem.

<definition class="patch" id="oval:com.redhat.rhsa:def:20224797" version="639">
 <metadata>
  <title>RHSA-2022:4797: maven:3.6 security update (Important)</title>
  <affected family="unix">
   <platform>Red Hat Enterprise Linux 8</platform>
  </affected>
  <reference ref_id="RHSA-2022:4797" ref_url="https://access.redhat.com/errata/RHSA-2022:4797" source="RHSA"/>
  <reference ref_id="CVE-2022-29599" ref_url="https://access.redhat.com/security/cve/CVE-2022-29599" source="CVE"/>
  <description>The Apache Maven Shared Utils project aims to be an improved functional replacement for plexus-utils in Maven.

Security Fix(es):

* maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.</description>
  <advisory from="seca...@redhat.com">
   <severity>Important</severity>
   <rights>Copyright 2022 Red Hat, Inc.</rights>
   <issued date="2022-05-30"/>
   <updated date="2022-05-30"/>
   <cve cvss3="9.8/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" cwe="CWE-77" href="https://access.redhat.com/security/cve/CVE-2022-29599" impact="important" public="20200529">CVE-2022-29599</cve>
   <bugzilla href="https://bugzilla.redhat.com/2066479" id="2066479">CVE-2022-29599 maven-shared-utils: Command injection via Commandline class</bugzilla>
   <affected_cpe_list>
    <cpe>cpe:/a:redhat:enterprise_linux:8</cpe>
    <cpe>cpe:/a:redhat:enterprise_linux:8::appstream</cpe>
    <cpe>cpe:/a:redhat:enterprise_linux:8::crb</cpe>
    <cpe>cpe:/a:redhat:enterprise_linux:8::highavailability</cpe>
    <cpe>cpe:/a:redhat:enterprise_linux:8::nfv</cpe>
    <cpe>cpe:/a:redhat:enterprise_linux:8::realtime</cpe>
    <cpe>cpe:/a:redhat:enterprise_linux:8::resilientstorage</cpe>
    <cpe>cpe:/a:redhat:enterprise_linux:8::sap</cpe>
    <cpe>cpe:/a:redhat:enterprise_linux:8::sap_hana</cpe>
    <cpe>cpe:/a:redhat:enterprise_linux:8::supplementary</cpe>
    <cpe>cpe:/o:redhat:enterprise_linux:8</cpe>
    <cpe>cpe:/o:redhat:enterprise_linux:8::baseos</cpe>
   </affected_cpe_list>
  </advisory>
 </metadata>
 <criteria operator="OR">
  <criterion comment="Red Hat Enterprise Linux must be installed" test_ref="oval:com.redhat.cve:tst:20052541004"/>
  <criteria operator="AND">
   <criteria operator="OR">
    <criterion comment="Red Hat Enterprise Linux 8 is installed" test_ref="oval:com.redhat.cve:tst:20052541003"/>
    <criterion comment="Red Hat CoreOS 4 is installed" test_ref="oval:com.redhat.rhba:tst:20191992004"/>
   </criteria>
   <criteria operator="OR">
    <criteria operator="AND">
     <criterion comment="Module maven:3.6 is enabled" test_ref="oval:com.redhat.cve:tst:20208908014"/>
     <criteria operator="OR">
      <criteria operator="AND">
       <criterion comment="aopalliance is earlier than 0:1.0-20.module+el8.6.0+13337+afcb49ec" test_ref="oval:com.redhat.rhsa:tst:20221860001"/>
       <criterion comment="aopalliance is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291002"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="apache-commons-cli is earlier than 0:1.4-7.module+el8.6.0+13337+afcb49ec" test_ref="oval:com.redhat.rhsa:tst:20221860003"/>
       <criterion comment="apache-commons-cli is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291052"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="apache-commons-codec is earlier than 0:1.13-3.module+el8.6.0+13337+afcb49ec" test_ref="oval:com.redhat.rhsa:tst:20221860005"/>
       <criterion comment="apache-commons-codec is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291106"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="apache-commons-io is earlier than 1:2.6-6.module+el8.6.0+13337+afcb49ec" test_ref="oval:com.redhat.rhsa:tst:20221860007"/>
       <criterion comment="apache-commons-io is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291024"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="apache-commons-lang3 is earlier than 0:3.9-4.module+el8.6.0+13337+afcb49ec" test_ref="oval:com.redhat.rhsa:tst:20221860009"/>
       <criterion comment="apache-commons-lang3 is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291012"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="atinject is earlier than 0:1-31.20100611svn86.module+el8.6.0+13337+afcb49ec" test_ref="oval:com.redhat.rhsa:tst:20221860011"/>
       <criterion comment="atinject is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291102"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="cdi-api is earlier than 0:2.0.1-3.module+el8.6.0+13337+afcb49ec" test_ref="oval:com.redhat.rhsa:tst:20221860013"/>
       <criterion comment="cdi-api is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291078"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="geronimo-annotation is earlier than 0:1.0-26.module+el8.6.0+13337+afcb49ec" test_ref="oval:com.redhat.rhsa:tst:20221860015"/>
       <criterion comment="geronimo-annotation is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291090"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="google-guice is earlier than 0:4.2.2-4.module+el8.6.0+13337+afcb49ec" test_ref="oval:com.redhat.rhsa:tst:20221860017"/>
       <criterion comment="google-guice is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291062"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="guava is earlier than 0:28.1-3.module+el8.6.0+13337+afcb49ec" test_ref="oval:com.redhat.rhsa:tst:20221860019"/>
       <criterion comment="guava is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:20208908011"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="httpcomponents-client is earlier than 0:4.5.10-4.module+el8.6.0+13337+afcb49ec" test_ref="oval:com.redhat.rhsa:tst:20221860021"/>
       <criterion comment="httpcomponents-client is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291098"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="httpcomponents-core is earlier than 0:4.4.12-3.module+el8.6.0+13337+afcb49ec" test_ref="oval:com.redhat.rhsa:tst:20221860023"/>
       <criterion comment="httpcomponents-core is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291092"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="jansi is earlier than 0:1.18-4.module+el8.6.0+13337+afcb49ec" test_ref="oval:com.redhat.rhsa:tst:20221860025"/>
       <criterion comment="jansi is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291010"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="jcl-over-slf4j is earlier than 0:1.7.28-3.module+el8.6.0+13337+afcb49ec" test_ref="oval:com.redhat.rhsa:tst:20221860027"/>
       <criterion comment="jcl-over-slf4j is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291040"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="jsoup is earlier than 0:1.12.1-3.module+el8.6.0+13337+afcb49ec" test_ref="oval:com.redhat.rhsa:tst:20221860029"/>
       <criterion comment="jsoup is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291016"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="jsr-305 is earlier than 0:0-0.25.20130910svn.module+el8.6.0+13337+afcb49ec" test_ref="oval:com.redhat.rhsa:tst:20221860031"/>
       <criterion comment="jsr-305 is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291086"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="maven is earlier than 1:3.6.2-7.module+el8.6.0+13337+afcb49ec" test_ref="oval:com.redhat.rhsa:tst:20221860033"/>
       <criterion comment="maven is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291074"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="maven-lib is earlier than 1:3.6.2-7.module+el8.6.0+13337+afcb49ec" test_ref="oval:com.redhat.rhsa:tst:20221860035"/>
       <criterion comment="maven-lib is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291046"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="maven-openjdk11 is earlier than 1:3.6.2-7.module+el8.6.0+13337+afcb49ec" test_ref="oval:com.redhat.rhsa:tst:20221860037"/>
       <criterion comment="maven-openjdk11 is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291056"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="maven-openjdk17 is earlier than 1:3.6.2-7.module+el8.6.0+13337+afcb49ec" test_ref="oval:com.redhat.rhsa:tst:20221860039"/>
       <criterion comment="maven-openjdk17 is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291004"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="maven-openjdk8 is earlier than 1:3.6.2-7.module+el8.6.0+13337+afcb49ec" test_ref="oval:com.redhat.rhsa:tst:20221860041"/>
       <criterion comment="maven-openjdk8 is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291014"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="maven-resolver is earlier than 0:1.4.1-3.module+el8.6.0+13337+afcb49ec" test_ref="oval:com.redhat.rhsa:tst:20221860043"/>
       <criterion comment="maven-resolver is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291064"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="maven-shared-utils is earlier than 0:3.2.1-0.5.module+el8.6.0+15049+43453910" test_ref="oval:com.redhat.rhsa:tst:20224797045"/>
       <criterion comment="maven-shared-utils is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291066"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="maven-wagon is earlier than 0:3.3.4-2.module+el8.6.0+13337+afcb49ec" test_ref="oval:com.redhat.rhsa:tst:20221860047"/>
       <criterion comment="maven-wagon is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291042"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="plexus-cipher is earlier than 0:1.7-17.module+el8.6.0+13337+afcb49ec" test_ref="oval:com.redhat.rhsa:tst:20221860049"/>
       <criterion comment="plexus-cipher is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291068"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="plexus-classworlds is earlier than 0:2.6.0-4.module+el8.6.0+13337+afcb49ec" test_ref="oval:com.redhat.rhsa:tst:20221860051"/>
       <criterion comment="plexus-classworlds is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291038"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="plexus-containers-component-annotations is earlier than 0:2.1.0-2.module+el8.6.0+13337+afcb49ec" test_ref="oval:com.redhat.rhsa:tst:20221860053"/>
       <criterion comment="plexus-containers-component-annotations is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291082"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="plexus-interpolation is earlier than 0:1.26-3.module+el8.6.0+13337+afcb49ec" test_ref="oval:com.redhat.rhsa:tst:20221860055"/>
       <criterion comment="plexus-interpolation is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291006"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="plexus-sec-dispatcher is earlier than 0:1.4-29.module+el8.6.0+13337+afcb49ec" test_ref="oval:com.redhat.rhsa:tst:20221860057"/>
       <criterion comment="plexus-sec-dispatcher is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291080"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="plexus-utils is earlier than 0:3.3.0-3.module+el8.6.0+13337+afcb49ec" test_ref="oval:com.redhat.rhsa:tst:20221860059"/>
       <criterion comment="plexus-utils is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291072"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="sisu is earlier than 0:0.3.4-2.module+el8.6.0+13337+afcb49ec" test_ref="oval:com.redhat.rhsa:tst:20221860061"/>
       <criterion comment="sisu is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291008"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="slf4j is earlier than 0:1.7.28-3.module+el8.6.0+13337+afcb49ec" test_ref="oval:com.redhat.rhsa:tst:20221860063"/>
       <criterion comment="slf4j is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291100"/>
      </criteria>
     </criteria>
    </criteria>
   </criteria>
  </criteria>
 </criteria>
</definition>
<definition class="patch" id="oval:com.redhat.rhsa:def:20224798" version="636">
 <metadata>
  <title>RHSA-2022:4798: maven:3.5 security update (Important)</title>
  <affected family="unix">
   <platform>Red Hat Enterprise Linux 8</platform>
  </affected>
  <reference ref_id="RHSA-2022:4798" ref_url="https://access.redhat.com/errata/RHSA-2022:4798" source="RHSA"/>
  <reference ref_id="CVE-2022-29599" ref_url="https://access.redhat.com/security/cve/CVE-2022-29599" source="CVE"/>
  <description>The Apache Maven Shared Utils project aims to be an improved functional replacement for plexus-utils in Maven.

Security Fix(es):

* maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.</description>
  <advisory from="seca...@redhat.com">
   <severity>Important</severity>
   <rights>Copyright 2022 Red Hat, Inc.</rights>
   <issued date="2022-05-30"/>
   <updated date="2022-05-30"/>
   <cve cvss3="9.8/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" cwe="CWE-77" href="https://access.redhat.com/security/cve/CVE-2022-29599" impact="important" public="20200529">CVE-2022-29599</cve>
   <bugzilla href="https://bugzilla.redhat.com/2066479" id="2066479">CVE-2022-29599 maven-shared-utils: Command injection via Commandline class</bugzilla>
   <affected_cpe_list>
    <cpe>cpe:/a:redhat:enterprise_linux:8</cpe>
    <cpe>cpe:/a:redhat:enterprise_linux:8::appstream</cpe>
    <cpe>cpe:/a:redhat:enterprise_linux:8::crb</cpe>
    <cpe>cpe:/a:redhat:enterprise_linux:8::highavailability</cpe>
    <cpe>cpe:/a:redhat:enterprise_linux:8::nfv</cpe>
    <cpe>cpe:/a:redhat:enterprise_linux:8::realtime</cpe>
    <cpe>cpe:/a:redhat:enterprise_linux:8::resilientstorage</cpe>
    <cpe>cpe:/a:redhat:enterprise_linux:8::sap</cpe>
    <cpe>cpe:/a:redhat:enterprise_linux:8::sap_hana</cpe>
    <cpe>cpe:/a:redhat:enterprise_linux:8::supplementary</cpe>
    <cpe>cpe:/o:redhat:enterprise_linux:8</cpe>
    <cpe>cpe:/o:redhat:enterprise_linux:8::baseos</cpe>
   </affected_cpe_list>
  </advisory>
 </metadata>
 <criteria operator="OR">
  <criterion comment="Red Hat Enterprise Linux must be installed" test_ref="oval:com.redhat.cve:tst:20052541004"/>
  <criteria operator="AND">
   <criteria operator="OR">
    <criterion comment="Red Hat Enterprise Linux 8 is installed" test_ref="oval:com.redhat.cve:tst:20052541003"/>
    <criterion comment="Red Hat CoreOS 4 is installed" test_ref="oval:com.redhat.rhba:tst:20191992004"/>
   </criteria>
   <criteria operator="OR">
    <criteria operator="AND">
     <criterion comment="Module maven:3.5 is enabled" test_ref="oval:com.redhat.cve:tst:20208908007"/>
     <criteria operator="OR">
      <criteria operator="AND">
       <criterion comment="aopalliance is earlier than 0:1.0-17.module+el8+2452+b359bfcd" test_ref="oval:com.redhat.rhsa:tst:20221861001"/>
       <criterion comment="aopalliance is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291002"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="apache-commons-cli is earlier than 0:1.4-4.module+el8+2452+b359bfcd" test_ref="oval:com.redhat.rhsa:tst:20221861003"/>
       <criterion comment="apache-commons-cli is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291052"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="apache-commons-codec is earlier than 0:1.11-3.module+el8+2452+b359bfcd" test_ref="oval:com.redhat.rhsa:tst:20221861005"/>
       <criterion comment="apache-commons-codec is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291106"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="apache-commons-io is earlier than 1:2.6-3.module+el8+2452+b359bfcd" test_ref="oval:com.redhat.rhsa:tst:20221861007"/>
       <criterion comment="apache-commons-io is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291024"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="apache-commons-lang3 is earlier than 0:3.7-3.module+el8+2452+b359bfcd" test_ref="oval:com.redhat.rhsa:tst:20221861009"/>
       <criterion comment="apache-commons-lang3 is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291012"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="apache-commons-logging is earlier than 0:1.2-13.module+el8+2452+b359bfcd" test_ref="oval:com.redhat.rhsa:tst:20221861011"/>
       <criterion comment="apache-commons-logging is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291070"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="atinject is earlier than 0:1-28.20100611svn86.module+el8+2452+b359bfcd" test_ref="oval:com.redhat.rhsa:tst:20221861013"/>
       <criterion comment="atinject is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291102"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="cdi-api is earlier than 0:1.2-8.module+el8+2452+b359bfcd" test_ref="oval:com.redhat.rhsa:tst:20221861015"/>
       <criterion comment="cdi-api is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291078"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="geronimo-annotation is earlier than 0:1.0-23.module+el8+2452+b359bfcd" test_ref="oval:com.redhat.rhsa:tst:20221861017"/>
       <criterion comment="geronimo-annotation is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291090"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="glassfish-el-api is earlier than 0:3.0.1-0.7.b08.module+el8+2452+b359bfcd" test_ref="oval:com.redhat.rhsa:tst:20221861019"/>
       <criterion comment="glassfish-el-api is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291054"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="google-guice is earlier than 0:4.1-11.module+el8+2452+b359bfcd" test_ref="oval:com.redhat.rhsa:tst:20221861021"/>
       <criterion comment="google-guice is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291062"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="guava20 is earlier than 0:20.0-8.module+el8+2452+b359bfcd" test_ref="oval:com.redhat.rhsa:tst:20221861023"/>
       <criterion comment="guava20 is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:20208908002"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="hawtjni-runtime is earlier than 0:1.16-2.module+el8+2452+b359bfcd" test_ref="oval:com.redhat.rhsa:tst:20221861025"/>
       <criterion comment="hawtjni-runtime is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291026"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="httpcomponents-client is earlier than 0:4.5.5-5.module+el8.6.0+13298+7b5243c0" test_ref="oval:com.redhat.rhsa:tst:20221861027"/>
       <criterion comment="httpcomponents-client is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291098"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="httpcomponents-core is earlier than 0:4.4.10-3.module+el8+2452+b359bfcd" test_ref="oval:com.redhat.rhsa:tst:20221861029"/>
       <criterion comment="httpcomponents-core is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291092"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="jansi is earlier than 0:1.17.1-1.module+el8+2452+b359bfcd" test_ref="oval:com.redhat.rhsa:tst:20221861031"/>
       <criterion comment="jansi is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291010"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="jansi-native is earlier than 0:1.7-7.module+el8+2452+b359bfcd" test_ref="oval:com.redhat.rhsa:tst:20221861033"/>
       <criterion comment="jansi-native is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291088"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="jboss-interceptors-1.2-api is earlier than 0:1.0.0-8.module+el8+2452+b359bfcd" test_ref="oval:com.redhat.rhsa:tst:20221861035"/>
       <criterion comment="jboss-interceptors-1.2-api is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291076"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="jcl-over-slf4j is earlier than 0:1.7.25-4.module+el8+2452+b359bfcd" test_ref="oval:com.redhat.rhsa:tst:20221861037"/>
       <criterion comment="jcl-over-slf4j is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291040"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="jsoup is earlier than 0:1.11.3-3.module+el8+2452+b359bfcd" test_ref="oval:com.redhat.rhsa:tst:20221861039"/>
       <criterion comment="jsoup is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291016"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="maven is earlier than 1:3.5.4-5.module+el8+2452+b359bfcd" test_ref="oval:com.redhat.rhsa:tst:20221861041"/>
       <criterion comment="maven is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291074"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="maven-lib is earlier than 1:3.5.4-5.module+el8+2452+b359bfcd" test_ref="oval:com.redhat.rhsa:tst:20221861043"/>
       <criterion comment="maven-lib is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291046"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="maven-resolver-api is earlier than 1:1.1.1-2.module+el8+2452+b359bfcd" test_ref="oval:com.redhat.rhsa:tst:20221861045"/>
       <criterion comment="maven-resolver-api is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291018"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="maven-resolver-connector-basic is earlier than 1:1.1.1-2.module+el8+2452+b359bfcd" test_ref="oval:com.redhat.rhsa:tst:20221861047"/>
       <criterion comment="maven-resolver-connector-basic is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291044"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="maven-resolver-impl is earlier than 1:1.1.1-2.module+el8+2452+b359bfcd" test_ref="oval:com.redhat.rhsa:tst:20221861049"/>
       <criterion comment="maven-resolver-impl is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291058"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="maven-resolver-spi is earlier than 1:1.1.1-2.module+el8+2452+b359bfcd" test_ref="oval:com.redhat.rhsa:tst:20221861051"/>
       <criterion comment="maven-resolver-spi is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291060"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="maven-resolver-transport-wagon is earlier than 1:1.1.1-2.module+el8+2452+b359bfcd" test_ref="oval:com.redhat.rhsa:tst:20221861053"/>
       <criterion comment="maven-resolver-transport-wagon is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291084"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="maven-resolver-util is earlier than 1:1.1.1-2.module+el8+2452+b359bfcd" test_ref="oval:com.redhat.rhsa:tst:20221861055"/>
       <criterion comment="maven-resolver-util is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291096"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="maven-shared-utils is earlier than 0:3.2.1-0.2.module+el8.6.0+15045+b1156105" test_ref="oval:com.redhat.rhsa:tst:20224798057"/>
       <criterion comment="maven-shared-utils is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291066"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="maven-wagon-file is earlier than 0:3.1.0-1.module+el8+2452+b359bfcd" test_ref="oval:com.redhat.rhsa:tst:20221861059"/>
       <criterion comment="maven-wagon-file is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291028"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="maven-wagon-http is earlier than 0:3.1.0-1.module+el8+2452+b359bfcd" test_ref="oval:com.redhat.rhsa:tst:20221861061"/>
       <criterion comment="maven-wagon-http is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291034"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="maven-wagon-http-shared is earlier than 0:3.1.0-1.module+el8+2452+b359bfcd" test_ref="oval:com.redhat.rhsa:tst:20221861063"/>
       <criterion comment="maven-wagon-http-shared is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291104"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="maven-wagon-provider-api is earlier than 0:3.1.0-1.module+el8+2452+b359bfcd" test_ref="oval:com.redhat.rhsa:tst:20221861065"/>
       <criterion comment="maven-wagon-provider-api is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291094"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="plexus-cipher is earlier than 0:1.7-14.module+el8+2452+b359bfcd" test_ref="oval:com.redhat.rhsa:tst:20221861067"/>
       <criterion comment="plexus-cipher is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291068"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="plexus-classworlds is earlier than 0:2.5.2-9.module+el8+2452+b359bfcd" test_ref="oval:com.redhat.rhsa:tst:20221861069"/>
       <criterion comment="plexus-classworlds is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291038"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="plexus-containers-component-annotations is earlier than 0:1.7.1-8.module+el8+2452+b359bfcd" test_ref="oval:com.redhat.rhsa:tst:20221861071"/>
       <criterion comment="plexus-containers-component-annotations is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291082"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="plexus-interpolation is earlier than 0:1.22-9.module+el8+2452+b359bfcd" test_ref="oval:com.redhat.rhsa:tst:20221861073"/>
       <criterion comment="plexus-interpolation is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291006"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="plexus-sec-dispatcher is earlier than 0:1.4-26.module+el8+2452+b359bfcd" test_ref="oval:com.redhat.rhsa:tst:20221861075"/>
       <criterion comment="plexus-sec-dispatcher is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291080"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="plexus-utils is earlier than 0:3.1.0-3.module+el8+2452+b359bfcd" test_ref="oval:com.redhat.rhsa:tst:20221861077"/>
       <criterion comment="plexus-utils is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291072"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="sisu-inject is earlier than 1:0.3.3-6.module+el8+2452+b359bfcd" test_ref="oval:com.redhat.rhsa:tst:20221861079"/>
       <criterion comment="sisu-inject is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291022"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="sisu-plexus is earlier than 1:0.3.3-6.module+el8+2452+b359bfcd" test_ref="oval:com.redhat.rhsa:tst:20221861081"/>
       <criterion comment="sisu-plexus is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291050"/>
      </criteria>
      <criteria operator="AND">
       <criterion comment="slf4j is earlier than 0:1.7.25-4.module+el8+2452+b359bfcd" test_ref="oval:com.redhat.rhsa:tst:20221861083"/>
       <criterion comment="slf4j is signed with Red Hat redhatrelease2 key" test_ref="oval:com.redhat.cve:tst:202126291100"/>
      </criteria>
     </criteria>
    </criteria>
   </criteria>
  </criteria>
 </criteria>
</definition>
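
An added example, not part of the thread and not Wazuh's code: it evaluates a trimmed copy of the two OVAL definitions quoted above against a constructed host on the maven:3.5 stream, once with the "Module ... is enabled" criterion honoured and once with only the package comparisons. Assumptions: criteria are read from their `comment` text instead of resolving `test_ref`, the host facts are invented for illustration, and the version comparison is a simplified rpmvercmp without `~` or `^` handling.

```python
import re
import xml.etree.ElementTree as ET

# Constructed excerpt: two package pairs per definition, thresholds copied from
# the feed quoted in the thread; platform criteria and test_ref are dropped.
OVAL = """<defs>
<definition id="oval:com.redhat.rhsa:def:20224797">
 <criteria operator="AND">
  <criterion comment="Module maven:3.6 is enabled"/>
  <criteria operator="OR">
   <criteria operator="AND">
    <criterion comment="apache-commons-cli is earlier than 0:1.4-7.module+el8.6.0+13337+afcb49ec"/>
    <criterion comment="apache-commons-cli is signed with Red Hat redhatrelease2 key"/>
   </criteria>
   <criteria operator="AND">
    <criterion comment="maven-shared-utils is earlier than 0:3.2.1-0.5.module+el8.6.0+15049+43453910"/>
    <criterion comment="maven-shared-utils is signed with Red Hat redhatrelease2 key"/>
   </criteria>
  </criteria>
 </criteria>
</definition>
<definition id="oval:com.redhat.rhsa:def:20224798">
 <criteria operator="AND">
  <criterion comment="Module maven:3.5 is enabled"/>
  <criteria operator="OR">
   <criteria operator="AND">
    <criterion comment="apache-commons-cli is earlier than 0:1.4-4.module+el8+2452+b359bfcd"/>
    <criterion comment="apache-commons-cli is signed with Red Hat redhatrelease2 key"/>
   </criteria>
   <criteria operator="AND">
    <criterion comment="maven-shared-utils is earlier than 0:3.2.1-0.2.module+el8.6.0+15045+b1156105"/>
    <criterion comment="maven-shared-utils is signed with Red Hat redhatrelease2 key"/>
   </criteria>
  </criteria>
 </criteria>
</definition>
</defs>"""

# Constructed host: maven:3.5 stream enabled, packages at the RHSA-2022:4798 levels.
HOST = {
    "modules": {"maven:3.5"},
    "packages": {
        "apache-commons-cli": "0:1.4-4.module+el8+2452+b359bfcd",
        "maven-shared-utils": "0:3.2.1-0.2.module+el8.6.0+15045+b1156105",
    },
}

def rpmvercmp(a, b):
    """Simplified RPM segment comparison: -1, 0 or 1."""
    seg_a = re.findall(r"\d+|[A-Za-z]+", a)
    seg_b = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segments sort as newer
        elif x != y:
            return 1 if x > y else -1
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))

def split_evr(evr):
    """Split 'epoch:version-release'; a missing epoch counts as 0."""
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    version, _, release = rest.rpartition("-")
    return int(epoch), version, release

def evr_cmp(a, b):
    ea, va, ra = split_evr(a)
    eb, vb, rb = split_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def evaluate(node, host, honour_module=True):
    """Evaluate a criteria/criterion tree against the host facts."""
    if node.tag == "criterion":
        comment = node.get("comment")
        m = re.fullmatch(r"Module (\S+) is enabled", comment)
        if m:
            return m.group(1) in host["modules"] if honour_module else True
        m = re.fullmatch(r"(\S+) is earlier than (\S+)", comment)
        if m:
            installed = host["packages"].get(m.group(1))
            return installed is not None and evr_cmp(installed, m.group(2)) < 0
        m = re.fullmatch(r"(\S+) is signed with .*", comment)
        if m:  # assumption: every installed package carries the Red Hat key
            return m.group(1) in host["packages"]
        raise ValueError("unrecognised criterion: " + comment)
    results = [evaluate(child, host, honour_module) for child in node]
    return all(results) if node.get("operator") == "AND" else any(results)

def report(host):
    """Map definition id -> (full criteria result, package-comparison-only result)."""
    out = {}
    for definition in ET.fromstring(OVAL):
        tree = definition.find("criteria")
        out[definition.get("id")] = (evaluate(tree, host, True),
                                     evaluate(tree, host, False))
    return out

if __name__ == "__main__":
    for def_id, (full, pkg_only) in report(HOST).items():
        print(def_id, "full criteria:", full, "| packages only:", pkg_only)
```

With the module criterion honoured, neither definition matches this host; with package comparisons alone, the maven:3.6 definition matches because the 3.5-stream releases sort earlier than the 3.6-stream thresholds.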
