Vulnerability-Lookup

CVE-2026-5598 (GCVE-0-2026-5598)

Vulnerability from cvelistv5 – Published: 2026-04-15 09:05 – Updated: 2026-05-18 23:17

Title

Non-constant time comparisons risk private key leakage in FrodoKEM.

Summary

Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules). This vulnerability is associated with program files FrodoEngine.Java. This issue affects BC-JAVA: from 1.71 before 1.80.2, from 1.81 before 1.80.1, from 1.82 before 1.84.

Severity

8.9 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U/S:P/AU:Y/U:Red

CWE

CWE-385 - Covert timing channel

Assigner

bcorg

References

3 references

URL	Tags
https://github.com/bcgit/bc-java/wiki/CVE%E2%80%9…	vendor-advisory
https://github.com/bcgit/bc-java/commit/94abbd564…	patch
https://github.com/bcgit/bc-java/commit/8692e6b2b…	patch

Impacted products

1 product

Vendor	Product	Version
Legion of the Bouncy Castle Inc.	BC-JAVA	Affected: 1.71 , < 1.80.2 (maven) Affected: 1.81 , < 1.80.1 (maven) Affected: 1.82 , < 1.84 (maven)

Credits

Cristina Dueñas Navarro (cristina.duenas@jtsec.es) Sunwoo Lee and Seunghyun Yoon, Korea Institute of Energy Technology (KENTECH)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-5598",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-15T13:11:48.318645Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-15T13:11:53.444Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.bouncycastle.org/download/bouncy-castle-java/",
          "defaultStatus": "unaffected",
          "modules": [
            "core"
          ],
          "packageName": "core",
          "platforms": [
            "all"
          ],
          "product": "BC-JAVA",
          "programFiles": [
            "FrodoEngine.java"
          ],
          "repo": "https://github.com/bcgit/bc-java",
          "vendor": "Legion of the Bouncy Castle Inc.",
          "versions": [
            {
              "lessThan": "1.80.2",
              "status": "affected",
              "version": "1.71",
              "versionType": "maven"
            },
            {
              "lessThan": "1.80.1",
              "status": "affected",
              "version": "1.81",
              "versionType": "maven"
            },
            {
              "lessThan": "1.84",
              "status": "affected",
              "version": "1.82",
              "versionType": "maven"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Cristina Due\u00f1as Navarro (cristina.duenas@jtsec.es)"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Sunwoo Lee and Seunghyun Yoon, Korea Institute of Energy Technology (KENTECH)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules).\u003cp\u003e This vulnerability is associated with program files FrodoEngine.Java.\u003c/p\u003e\u003cp\u003eThis issue affects BC-JAVA: from 1.71 before 1.80.2, from 1.81 before 1.80.1, from 1.82 before 1.84.\u003c/p\u003e"
            }
          ],
          "value": "Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules).\n\n This vulnerability is associated with program files FrodoEngine.Java.\n\n\n\nThis issue affects BC-JAVA: from 1.71 before 1.80.2, from 1.81 before 1.80.1, from 1.82 before 1.84."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "NOT_DEFINED",
            "Safety": "PRESENT",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.9,
            "baseSeverity": "HIGH",
            "exploitMaturity": "UNREPORTED",
            "privilegesRequired": "NONE",
            "providerUrgency": "RED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U/S:P/AU:Y/U:Red",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-385",
              "description": "CWE-385 Covert timing channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-18T23:17:39.880Z",
        "orgId": "91579145-5d7b-4cc5-b925-a0262ff19630",
        "shortName": "bcorg"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%905598"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/bcgit/bc-java/commit/94abbd56413dfdac651fd878bc60253871ef5e87"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/bcgit/bc-java/commit/8692e6b2b191fc4aafa32545c7a78bdb9bf110c5"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Non-constant time comparisons risk private key leakage in FrodoKEM.",
      "x_generator": {
        "engine": "Vulnogram 1.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "91579145-5d7b-4cc5-b925-a0262ff19630",
    "assignerShortName": "bcorg",
    "cveId": "CVE-2026-5598",
    "datePublished": "2026-04-15T09:05:56.277Z",
    "dateReserved": "2026-04-05T07:25:44.930Z",
    "dateUpdated": "2026-05-18T23:17:39.880Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-5598",
      "date": "2026-05-26",
      "epss": "0.00022",
      "percentile": "0.06512"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-5598\",\"sourceIdentifier\":\"91579145-5d7b-4cc5-b925-a0262ff19630\",\"published\":\"2026-04-15T10:16:49.757\",\"lastModified\":\"2026-05-19T00:16:37.773\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules).\\n\\n This vulnerability is associated with program files FrodoEngine.Java.\\n\\n\\n\\nThis issue affects BC-JAVA: from 1.71 before 1.80.2, from 1.81 before 1.80.1, from 1.82 before 1.84.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"91579145-5d7b-4cc5-b925-a0262ff19630\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:X/V:X/RE:X/U:Red\",\"baseScore\":8.9,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"HIGH\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"UNREPORTED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"PRESENT\",\"Automatable\":\"YES\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"RED\"}}]},\"weaknesses\":[{\"source\":\"91579145-5d7b-4cc5-b925-a0262ff19630\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-385\"}]}],\"references\":[{\"url\":\"https://github.com/bcgit/bc-java/commit/8692e6b2b191fc4aafa32545c7a78bdb9bf110c5\",\"source\":\"91579145-5d7b-4cc5-b925-a0262ff19630\"},{\"url\":\"https://github.com/bcgit/bc-java/commit/94abbd56413dfdac651fd878bc60253871ef5e87\",\"source\":\"91579145-5d7b-4cc5-b925-a0262ff19630\"},{\"url\":\"https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%905598\",\"source\":\"91579145-5d7b-4cc5-b925-a0262ff19630\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-5598\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-15T13:11:48.318645Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-15T13:11:50.359Z\"}}], \"cna\": {\"title\": \"Non-constant time comparisons risk private key leakage in FrodoKEM.\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Cristina Due\\u00f1as Navarro (cristina.duenas@jtsec.es)\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Sunwoo Lee and Seunghyun Yoon, Korea Institute of Energy Technology (KENTECH)\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"PRESENT\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 8.9, \"Automatable\": \"YES\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U/S:P/AU:Y/U:Red\", \"exploitMaturity\": \"UNREPORTED\", \"providerUrgency\": \"RED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/bcgit/bc-java\", \"vendor\": \"Legion of the Bouncy Castle Inc.\", \"modules\": [\"core\"], \"product\": \"BC-JAVA\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.71\", \"lessThan\": \"1.80.2\", \"versionType\": \"maven\"}, {\"status\": \"affected\", \"version\": \"1.81\", \"lessThan\": \"1.80.1\", \"versionType\": \"maven\"}, {\"status\": \"affected\", \"version\": \"1.82\", \"lessThan\": \"1.84\", \"versionType\": \"maven\"}], \"platforms\": [\"all\"], \"packageName\": \"core\", \"programFiles\": [\"FrodoEngine.java\"], \"collectionURL\": \"https://www.bouncycastle.org/download/bouncy-castle-java/\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%905598\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://github.com/bcgit/bc-java/commit/94abbd56413dfdac651fd878bc60253871ef5e87\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/bcgit/bc-java/commit/8692e6b2b191fc4aafa32545c7a78bdb9bf110c5\", \"tags\": [\"patch\"]}], \"x_generator\": {\"engine\": \"Vulnogram 1.0.1\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules).\\n\\n This vulnerability is associated with program files FrodoEngine.Java.\\n\\n\\n\\nThis issue affects BC-JAVA: from 1.71 before 1.80.2, from 1.81 before 1.80.1, from 1.82 before 1.84.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules).\u003cp\u003e This vulnerability is associated with program files FrodoEngine.Java.\u003c/p\u003e\u003cp\u003eThis issue affects BC-JAVA: from 1.71 before 1.80.2, from 1.81 before 1.80.1, from 1.82 before 1.84.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-385\", \"description\": \"CWE-385 Covert timing channel\"}]}], \"providerMetadata\": {\"orgId\": \"91579145-5d7b-4cc5-b925-a0262ff19630\", \"shortName\": \"bcorg\", \"dateUpdated\": \"2026-05-18T23:17:39.880Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-5598\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-18T23:17:39.880Z\", \"dateReserved\": \"2026-04-05T07:25:44.930Z\", \"assignerOrgId\": \"91579145-5d7b-4cc5-b925-a0262ff19630\", \"datePublished\": \"2026-04-15T09:05:56.277Z\", \"assignerShortName\": \"bcorg\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTFR-2026-AVI-0556

Vulnerability from certfr_avis - Published: 2026-05-11 - Updated: 2026-05-11

De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
VMware	Tanzu	Tanzu RabbitMQ on Kubernetes versions 31.3.x antérieures à 3.13.15
VMware	Tanzu Greenplum	Tanzu Greenplum Streaming Server For Kubernetes versions antérieures à 1.3.0
VMware	Tanzu	Tanzu Data Flow on Kubernetes versions antérieures à 2.1.0
VMware	Tanzu	Tanzu RabbitMQ on Kubernetes versions 4.0.x antérieures à 4.0.20
VMware	Tanzu Greenplum	Tanzu Greenplum Backup and Restore versions antérieures à1.33.0
VMware	Tanzu Greenplum	Tanzu Greenplum Data Copy Utility versions antérieures à 2.9.3
VMware	Tanzu	Tanzu for Valkey on Kubernetes versions antérieures à 3.3.4
VMware	Tanzu Greenplum	Tanzu Greenplum Command Center versions 6.17.x antérieures à 6.17.0
VMware	Tanzu Greenplum	Tanzu Greenplum on Kubernetes versions antérieures à 1.1.0
VMware	Tanzu Greenplum	Tanzu Greenplum Platform Extension Framework versions antérieures à 8.0.0
VMware	Tanzu	Tanzu RabbitMQ on Kubernetes versions 4.2.x antérieures à 4.2.6
VMware	Tanzu Greenplum	Tanzu Greenplum Text versions antérieures à 4.0.0
VMware	Tanzu Greenplum	Tanzu Greenplum Streaming Server versions antérieures à 2.3.0
VMware	Tanzu	Tanzu RabbitMQ on Kubernetes versions 4.3.x antérieures à 4.3.0
VMware	Tanzu	Tanzu for Valkey on Kubernetes versions antérieures à 3.4.0
VMware	Tanzu Gemfire	Tanzu GemFire versions antérieures à 10.2.3
VMware	Tanzu Greenplum	Tanzu Greenplum Upgrade versions antérieures à 2.0.0
VMware	Tanzu Greenplum	Tanzu Greenplumversions antérieures à 7.8.0
VMware	Tanzu Gemfire	Tanzu GemFire Vector Database versions antérieures à 1.2.2
VMware	Tanzu Greenplum	Tanzu Greenplum versions antérieures à 6.33.0
VMware	Tanzu Greenplum	Tanzu Greenplum Command Center versions 7.7.x antérieures à 7.7.0
VMware	Tanzu	Tanzu RabbitMQ on Kubernetes versions 4.1.x antérieures à 4.1.11
VMware	Tanzu	Tanzu for MySQL on Kubernetes versions antérieures à 2.0.3

References

Title

Publication Time

cleanstart-2026-pk73499

Vulnerability from cleanstart

Published

2026-05-18 12:57

Modified

2026-05-17 13:00

Summary

Security fixes for CVE-2026-5588, CVE-2026-5598, ghsa-389x-839f-4rhx, ghsa-3p8m-j85q-pgmj, ghsa-4cx2-fc23-5wg6, ghsa-4g8c-wm8x-jfhw, ghsa-735f-pc8j-v9w8, ghsa-c3fc-8qff-9hwx, ghsa-fghv-69vj-qj49, ghsa-p93r-85wp-75v3, ghsa-prj3-ccx8-p6x4, ghsa-wg6q-6289-32hp, ghsa-xq3w-v528-46rv applied in versions: 0.12.0-r16, 0.9.0-r1

Details

Multiple security vulnerabilities affect the kserve-modelmesh package. These issues are resolved in later releases. See references for individual vulnerability details.

References

URL

Type

	https://github.com/cleanstart-dev/cleanstart-secu…	ADVISORY
	https://osv.dev/vulnerability/CVE-2026-5588	WEB
	https://osv.dev/vulnerability/CVE-2026-5598	WEB
	https://osv.dev/vulnerability/ghsa-389x-839f-4rhx	WEB
	https://osv.dev/vulnerability/ghsa-3p8m-j85q-pgmj	WEB
	https://osv.dev/vulnerability/ghsa-4cx2-fc23-5wg6	WEB
	https://osv.dev/vulnerability/ghsa-4g8c-wm8x-jfhw	WEB
	https://osv.dev/vulnerability/ghsa-735f-pc8j-v9w8	WEB
	https://osv.dev/vulnerability/ghsa-c3fc-8qff-9hwx	WEB
	https://osv.dev/vulnerability/ghsa-fghv-69vj-qj49	WEB
	https://osv.dev/vulnerability/ghsa-p93r-85wp-75v3	WEB
	https://osv.dev/vulnerability/ghsa-prj3-ccx8-p6x4	WEB
	https://osv.dev/vulnerability/ghsa-wg6q-6289-32hp	WEB
	https://osv.dev/vulnerability/ghsa-xq3w-v528-46rv	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-5588	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-5598	WEB

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "kserve-modelmesh"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.9.0-r1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the kserve-modelmesh package. These issues are resolved in later releases. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-PK73499",
  "modified": "2026-05-17T13:00:25Z",
  "published": "2026-05-18T12:57:05.166140Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-PK73499.json"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-5588"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-5598"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-389x-839f-4rhx"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-3p8m-j85q-pgmj"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-4cx2-fc23-5wg6"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-4g8c-wm8x-jfhw"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-735f-pc8j-v9w8"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-c3fc-8qff-9hwx"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-fghv-69vj-qj49"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-p93r-85wp-75v3"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-prj3-ccx8-p6x4"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-wg6q-6289-32hp"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-xq3w-v528-46rv"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5588"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5598"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "summary": "Security fixes for CVE-2026-5588, CVE-2026-5598, ghsa-389x-839f-4rhx, ghsa-3p8m-j85q-pgmj, ghsa-4cx2-fc23-5wg6, ghsa-4g8c-wm8x-jfhw, ghsa-735f-pc8j-v9w8, ghsa-c3fc-8qff-9hwx, ghsa-fghv-69vj-qj49, ghsa-p93r-85wp-75v3, ghsa-prj3-ccx8-p6x4, ghsa-wg6q-6289-32hp, ghsa-xq3w-v528-46rv applied in versions: 0.12.0-r16, 0.9.0-r1",
  "upstream": [
    "CVE-2026-5588",
    "CVE-2026-5598",
    "ghsa-389x-839f-4rhx",
    "ghsa-3p8m-j85q-pgmj",
    "ghsa-4cx2-fc23-5wg6",
    "ghsa-4g8c-wm8x-jfhw",
    "ghsa-735f-pc8j-v9w8",
    "ghsa-c3fc-8qff-9hwx",
    "ghsa-fghv-69vj-qj49",
    "ghsa-p93r-85wp-75v3",
    "ghsa-prj3-ccx8-p6x4",
    "ghsa-wg6q-6289-32hp",
    "ghsa-xq3w-v528-46rv"
  ]
}

cleanstart-2026-po27799

Vulnerability from cleanstart

Published

2026-05-18 13:37

Modified

2026-05-07 10:33

Summary

Security fixes for CVE-2017-12158, CVE-2017-12159, CVE-2025-59250, CVE-2026-41417, CVE-2026-42198, CVE-2026-42577, CVE-2026-42578, CVE-2026-42579, CVE-2026-42580, CVE-2026-42581, CVE-2026-42583, CVE-2026-42584, CVE-2026-42585, CVE-2026-42587, CVE-2026-5588, CVE-2026-5598, ghsa-38f8-5428-x5cv, ghsa-3p8m-j85q-pgmj, ghsa-45p5-v273-3qqr, ghsa-45q3-82m4-75jr, ghsa-4cx2-fc23-5wg6, ghsa-57rv-r2g8-2cj3, ghsa-5rfx-cp42-p624, ghsa-72hv-8253-57qq, ghsa-84h7-rjj3-6jx4, ghsa-9342-92gg-6v29, ghsa-98qh-xjc8-98pq, ghsa-c3fc-8qff-9hwx, ghsa-cbdj-484d-3x9q, ghsa-cm33-6792-r9fm, ghsa-fghv-69vj-qj49, ghsa-h5fg-jpgr-rv9c, ghsa-hq9p-pm7w-8p54, ghsa-j288-q9x7-2f5v, ghsa-m4cv-j2px-7723, ghsa-mj4r-2hfc-f8p6, ghsa-p93r-85wp-75v3, ghsa-pwqr-wmgm-9rr8, ghsa-rc95-pcm8-65v9, ghsa-rwm7-x88c-3g2p, ghsa-v8h7-rr48-vmmv, ghsa-w9fj-cfpg-grvv, ghsa-wg6q-6289-32hp, ghsa-xxqh-mfjm-7mv9 applied in versions: 26.1.4-r1, 26.5.0-r2, 26.5.6-r3, 26.5.7-r0

Details

Multiple security vulnerabilities affect the keycloak package. These issues are resolved in later releases. See references for individual vulnerability details.

References

URL

Type

	https://github.com/cleanstart-dev/cleanstart-secu…	ADVISORY
	https://osv.dev/vulnerability/CVE-2017-12158	WEB
	https://osv.dev/vulnerability/CVE-2017-12159	WEB
	https://osv.dev/vulnerability/CVE-2025-59250	WEB
	https://osv.dev/vulnerability/CVE-2026-41417	WEB
	https://osv.dev/vulnerability/CVE-2026-42198	WEB
	https://osv.dev/vulnerability/CVE-2026-42577	WEB
	https://osv.dev/vulnerability/CVE-2026-42578	WEB
	https://osv.dev/vulnerability/CVE-2026-42579	WEB
	https://osv.dev/vulnerability/CVE-2026-42580	WEB
	https://osv.dev/vulnerability/CVE-2026-42581	WEB
	https://osv.dev/vulnerability/CVE-2026-42583	WEB
	https://osv.dev/vulnerability/CVE-2026-42584	WEB
	https://osv.dev/vulnerability/CVE-2026-42585	WEB
	https://osv.dev/vulnerability/CVE-2026-42587	WEB
	https://osv.dev/vulnerability/CVE-2026-5588	WEB
	https://osv.dev/vulnerability/CVE-2026-5598	WEB
	https://osv.dev/vulnerability/ghsa-38f8-5428-x5cv	WEB
	https://osv.dev/vulnerability/ghsa-3p8m-j85q-pgmj	WEB
	https://osv.dev/vulnerability/ghsa-45p5-v273-3qqr	WEB
	https://osv.dev/vulnerability/ghsa-45q3-82m4-75jr	WEB
	https://osv.dev/vulnerability/ghsa-4cx2-fc23-5wg6	WEB
	https://osv.dev/vulnerability/ghsa-57rv-r2g8-2cj3	WEB
	https://osv.dev/vulnerability/ghsa-5rfx-cp42-p624	WEB
	https://osv.dev/vulnerability/ghsa-72hv-8253-57qq	WEB
	https://osv.dev/vulnerability/ghsa-84h7-rjj3-6jx4	WEB
	https://osv.dev/vulnerability/ghsa-9342-92gg-6v29	WEB
	https://osv.dev/vulnerability/ghsa-98qh-xjc8-98pq	WEB
	https://osv.dev/vulnerability/ghsa-c3fc-8qff-9hwx	WEB
	https://osv.dev/vulnerability/ghsa-cbdj-484d-3x9q	WEB
	https://osv.dev/vulnerability/ghsa-cm33-6792-r9fm	WEB
	https://osv.dev/vulnerability/ghsa-fghv-69vj-qj49	WEB
	https://osv.dev/vulnerability/ghsa-h5fg-jpgr-rv9c	WEB
	https://osv.dev/vulnerability/ghsa-hq9p-pm7w-8p54	WEB
	https://osv.dev/vulnerability/ghsa-j288-q9x7-2f5v	WEB
	https://osv.dev/vulnerability/ghsa-m4cv-j2px-7723	WEB
	https://osv.dev/vulnerability/ghsa-mj4r-2hfc-f8p6	WEB
	https://osv.dev/vulnerability/ghsa-p93r-85wp-75v3	WEB
	https://osv.dev/vulnerability/ghsa-pwqr-wmgm-9rr8	WEB
	https://osv.dev/vulnerability/ghsa-rc95-pcm8-65v9	WEB
	https://osv.dev/vulnerability/ghsa-rwm7-x88c-3g2p	WEB
	https://osv.dev/vulnerability/ghsa-v8h7-rr48-vmmv	WEB
	https://osv.dev/vulnerability/ghsa-w9fj-cfpg-grvv	WEB
	https://osv.dev/vulnerability/ghsa-wg6q-6289-32hp	WEB
	https://osv.dev/vulnerability/ghsa-xxqh-mfjm-7mv9	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2017-12158	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2017-12159	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-59250	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-41417	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42198	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42577	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42578	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42579	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42580	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42581	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42583	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42584	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42585	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42587	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-5588	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-5598	WEB

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "keycloak"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "26.5.7-r0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the keycloak package. These issues are resolved in later releases. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-PO27799",
  "modified": "2026-05-07T10:33:31Z",
  "published": "2026-05-18T13:37:33.587383Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-PO27799.json"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2017-12158"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2017-12159"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-59250"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-41417"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42198"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42577"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42578"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42579"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42580"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42581"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42583"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42584"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42585"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42587"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-5588"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-5598"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-38f8-5428-x5cv"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-3p8m-j85q-pgmj"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-45p5-v273-3qqr"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-45q3-82m4-75jr"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-4cx2-fc23-5wg6"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-57rv-r2g8-2cj3"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-5rfx-cp42-p624"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-72hv-8253-57qq"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-84h7-rjj3-6jx4"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-9342-92gg-6v29"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-98qh-xjc8-98pq"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-c3fc-8qff-9hwx"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-cbdj-484d-3x9q"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-cm33-6792-r9fm"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-fghv-69vj-qj49"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-h5fg-jpgr-rv9c"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-hq9p-pm7w-8p54"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-j288-q9x7-2f5v"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-m4cv-j2px-7723"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-mj4r-2hfc-f8p6"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-p93r-85wp-75v3"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-pwqr-wmgm-9rr8"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-rc95-pcm8-65v9"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-rwm7-x88c-3g2p"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-v8h7-rr48-vmmv"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-w9fj-cfpg-grvv"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-wg6q-6289-32hp"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-xxqh-mfjm-7mv9"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12158"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12159"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59250"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41417"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42198"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42577"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42578"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42579"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42580"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42581"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42583"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42584"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42585"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42587"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5588"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5598"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "summary": "Security fixes for CVE-2017-12158, CVE-2017-12159, CVE-2025-59250, CVE-2026-41417, CVE-2026-42198, CVE-2026-42577, CVE-2026-42578, CVE-2026-42579, CVE-2026-42580, CVE-2026-42581, CVE-2026-42583, CVE-2026-42584, CVE-2026-42585, CVE-2026-42587, CVE-2026-5588, CVE-2026-5598, ghsa-38f8-5428-x5cv, ghsa-3p8m-j85q-pgmj, ghsa-45p5-v273-3qqr, ghsa-45q3-82m4-75jr, ghsa-4cx2-fc23-5wg6, ghsa-57rv-r2g8-2cj3, ghsa-5rfx-cp42-p624, ghsa-72hv-8253-57qq, ghsa-84h7-rjj3-6jx4, ghsa-9342-92gg-6v29, ghsa-98qh-xjc8-98pq, ghsa-c3fc-8qff-9hwx, ghsa-cbdj-484d-3x9q, ghsa-cm33-6792-r9fm, ghsa-fghv-69vj-qj49, ghsa-h5fg-jpgr-rv9c, ghsa-hq9p-pm7w-8p54, ghsa-j288-q9x7-2f5v, ghsa-m4cv-j2px-7723, ghsa-mj4r-2hfc-f8p6, ghsa-p93r-85wp-75v3, ghsa-pwqr-wmgm-9rr8, ghsa-rc95-pcm8-65v9, ghsa-rwm7-x88c-3g2p, ghsa-v8h7-rr48-vmmv, ghsa-w9fj-cfpg-grvv, ghsa-wg6q-6289-32hp, ghsa-xxqh-mfjm-7mv9 applied in versions: 26.1.4-r1, 26.5.0-r2, 26.5.6-r3, 26.5.7-r0",
  "upstream": [
    "CVE-2017-12158",
    "CVE-2017-12159",
    "CVE-2025-59250",
    "CVE-2026-41417",
    "CVE-2026-42198",
    "CVE-2026-42577",
    "CVE-2026-42578",
    "CVE-2026-42579",
    "CVE-2026-42580",
    "CVE-2026-42581",
    "CVE-2026-42583",
    "CVE-2026-42584",
    "CVE-2026-42585",
    "CVE-2026-42587",
    "CVE-2026-5588",
    "CVE-2026-5598",
    "ghsa-38f8-5428-x5cv",
    "ghsa-3p8m-j85q-pgmj",
    "ghsa-45p5-v273-3qqr",
    "ghsa-45q3-82m4-75jr",
    "ghsa-4cx2-fc23-5wg6",
    "ghsa-57rv-r2g8-2cj3",
    "ghsa-5rfx-cp42-p624",
    "ghsa-72hv-8253-57qq",
    "ghsa-84h7-rjj3-6jx4",
    "ghsa-9342-92gg-6v29",
    "ghsa-98qh-xjc8-98pq",
    "ghsa-c3fc-8qff-9hwx",
    "ghsa-cbdj-484d-3x9q",
    "ghsa-cm33-6792-r9fm",
    "ghsa-fghv-69vj-qj49",
    "ghsa-h5fg-jpgr-rv9c",
    "ghsa-hq9p-pm7w-8p54",
    "ghsa-j288-q9x7-2f5v",
    "ghsa-m4cv-j2px-7723",
    "ghsa-mj4r-2hfc-f8p6",
    "ghsa-p93r-85wp-75v3",
    "ghsa-pwqr-wmgm-9rr8",
    "ghsa-rc95-pcm8-65v9",
    "ghsa-rwm7-x88c-3g2p",
    "ghsa-v8h7-rr48-vmmv",
    "ghsa-w9fj-cfpg-grvv",
    "ghsa-wg6q-6289-32hp",
    "ghsa-xxqh-mfjm-7mv9"
  ]
}

cleanstart-2026-vj37814

Vulnerability from cleanstart

Published

2026-05-18 13:37

Modified

2026-05-07 10:32

Summary

Security fixes for CVE-2025-59250, CVE-2026-1002, CVE-2026-33870, CVE-2026-33871, CVE-2026-39852, CVE-2026-41417, CVE-2026-42198, CVE-2026-42577, CVE-2026-42578, CVE-2026-42579, CVE-2026-42580, CVE-2026-42581, CVE-2026-42583, CVE-2026-42584, CVE-2026-42585, CVE-2026-42587, CVE-2026-5588, CVE-2026-5598, ghsa-38f8-5428-x5cv, ghsa-3p8m-j85q-pgmj, ghsa-45p5-v273-3qqr, ghsa-45q3-82m4-75jr, ghsa-4cx2-fc23-5wg6, ghsa-57rv-r2g8-2cj3, ghsa-9342-92gg-6v29, ghsa-98qh-xjc8-98pq, ghsa-c3fc-8qff-9hwx, ghsa-cm33-6792-r9fm, ghsa-cphf-4846-3xx9, ghsa-fghv-69vj-qj49, ghsa-h5fg-jpgr-rv9c, ghsa-hq9p-pm7w-8p54, ghsa-j288-q9x7-2f5v, ghsa-m4cv-j2px-7723, ghsa-mj4r-2hfc-f8p6, ghsa-p93r-85wp-75v3, ghsa-pwqr-wmgm-9rr8, ghsa-rc95-pcm8-65v9, ghsa-rwm7-x88c-3g2p, ghsa-v8h7-rr48-vmmv, ghsa-w9fj-cfpg-grvv, ghsa-wg6q-6289-32hp, ghsa-xxqh-mfjm-7mv9 applied in versions: 26.1.4-r1, 26.4.11-r0, 26.4.11-r2

Details

Multiple security vulnerabilities affect the keycloak package. These issues are resolved in later releases. See references for individual vulnerability details.

References

URL

Type

	https://github.com/cleanstart-dev/cleanstart-secu…	ADVISORY
	https://osv.dev/vulnerability/CVE-2025-59250	WEB
	https://osv.dev/vulnerability/CVE-2026-1002	WEB
	https://osv.dev/vulnerability/CVE-2026-33870	WEB
	https://osv.dev/vulnerability/CVE-2026-33871	WEB
	https://osv.dev/vulnerability/CVE-2026-39852	WEB
	https://osv.dev/vulnerability/CVE-2026-41417	WEB
	https://osv.dev/vulnerability/CVE-2026-42198	WEB
	https://osv.dev/vulnerability/CVE-2026-42577	WEB
	https://osv.dev/vulnerability/CVE-2026-42578	WEB
	https://osv.dev/vulnerability/CVE-2026-42579	WEB
	https://osv.dev/vulnerability/CVE-2026-42580	WEB
	https://osv.dev/vulnerability/CVE-2026-42581	WEB
	https://osv.dev/vulnerability/CVE-2026-42583	WEB
	https://osv.dev/vulnerability/CVE-2026-42584	WEB
	https://osv.dev/vulnerability/CVE-2026-42585	WEB
	https://osv.dev/vulnerability/CVE-2026-42587	WEB
	https://osv.dev/vulnerability/CVE-2026-5588	WEB
	https://osv.dev/vulnerability/CVE-2026-5598	WEB
	https://osv.dev/vulnerability/ghsa-38f8-5428-x5cv	WEB
	https://osv.dev/vulnerability/ghsa-3p8m-j85q-pgmj	WEB
	https://osv.dev/vulnerability/ghsa-45p5-v273-3qqr	WEB
	https://osv.dev/vulnerability/ghsa-45q3-82m4-75jr	WEB
	https://osv.dev/vulnerability/ghsa-4cx2-fc23-5wg6	WEB
	https://osv.dev/vulnerability/ghsa-57rv-r2g8-2cj3	WEB
	https://osv.dev/vulnerability/ghsa-9342-92gg-6v29	WEB
	https://osv.dev/vulnerability/ghsa-98qh-xjc8-98pq	WEB
	https://osv.dev/vulnerability/ghsa-c3fc-8qff-9hwx	WEB
	https://osv.dev/vulnerability/ghsa-cm33-6792-r9fm	WEB
	https://osv.dev/vulnerability/ghsa-cphf-4846-3xx9	WEB
	https://osv.dev/vulnerability/ghsa-fghv-69vj-qj49	WEB
	https://osv.dev/vulnerability/ghsa-h5fg-jpgr-rv9c	WEB
	https://osv.dev/vulnerability/ghsa-hq9p-pm7w-8p54	WEB
	https://osv.dev/vulnerability/ghsa-j288-q9x7-2f5v	WEB
	https://osv.dev/vulnerability/ghsa-m4cv-j2px-7723	WEB
	https://osv.dev/vulnerability/ghsa-mj4r-2hfc-f8p6	WEB
	https://osv.dev/vulnerability/ghsa-p93r-85wp-75v3	WEB
	https://osv.dev/vulnerability/ghsa-pwqr-wmgm-9rr8	WEB
	https://osv.dev/vulnerability/ghsa-rc95-pcm8-65v9	WEB
	https://osv.dev/vulnerability/ghsa-rwm7-x88c-3g2p	WEB
	https://osv.dev/vulnerability/ghsa-v8h7-rr48-vmmv	WEB
	https://osv.dev/vulnerability/ghsa-w9fj-cfpg-grvv	WEB
	https://osv.dev/vulnerability/ghsa-wg6q-6289-32hp	WEB
	https://osv.dev/vulnerability/ghsa-xxqh-mfjm-7mv9	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-59250	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-1002	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-33870	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-33871	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39852	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-41417	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42198	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42577	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42578	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42579	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42580	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42581	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42583	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42584	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42585	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42587	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-5588	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-5598	WEB

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "keycloak"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "26.4.11-r2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the keycloak package. These issues are resolved in later releases. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-VJ37814",
  "modified": "2026-05-07T10:32:20Z",
  "published": "2026-05-18T13:37:33.552809Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-VJ37814.json"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-59250"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-1002"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-33870"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-33871"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39852"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-41417"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42198"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42577"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42578"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42579"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42580"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42581"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42583"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42584"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42585"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42587"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-5588"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-5598"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-38f8-5428-x5cv"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-3p8m-j85q-pgmj"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-45p5-v273-3qqr"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-45q3-82m4-75jr"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-4cx2-fc23-5wg6"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-57rv-r2g8-2cj3"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-9342-92gg-6v29"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-98qh-xjc8-98pq"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-c3fc-8qff-9hwx"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-cm33-6792-r9fm"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-cphf-4846-3xx9"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-fghv-69vj-qj49"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-h5fg-jpgr-rv9c"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-hq9p-pm7w-8p54"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-j288-q9x7-2f5v"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-m4cv-j2px-7723"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-mj4r-2hfc-f8p6"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-p93r-85wp-75v3"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-pwqr-wmgm-9rr8"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-rc95-pcm8-65v9"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-rwm7-x88c-3g2p"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-v8h7-rr48-vmmv"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-w9fj-cfpg-grvv"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-wg6q-6289-32hp"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-xxqh-mfjm-7mv9"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59250"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1002"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33870"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33871"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39852"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41417"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42198"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42577"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42578"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42579"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42580"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42581"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42583"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42584"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42585"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42587"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5588"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5598"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "summary": "Security fixes for CVE-2025-59250, CVE-2026-1002, CVE-2026-33870, CVE-2026-33871, CVE-2026-39852, CVE-2026-41417, CVE-2026-42198, CVE-2026-42577, CVE-2026-42578, CVE-2026-42579, CVE-2026-42580, CVE-2026-42581, CVE-2026-42583, CVE-2026-42584, CVE-2026-42585, CVE-2026-42587, CVE-2026-5588, CVE-2026-5598, ghsa-38f8-5428-x5cv, ghsa-3p8m-j85q-pgmj, ghsa-45p5-v273-3qqr, ghsa-45q3-82m4-75jr, ghsa-4cx2-fc23-5wg6, ghsa-57rv-r2g8-2cj3, ghsa-9342-92gg-6v29, ghsa-98qh-xjc8-98pq, ghsa-c3fc-8qff-9hwx, ghsa-cm33-6792-r9fm, ghsa-cphf-4846-3xx9, ghsa-fghv-69vj-qj49, ghsa-h5fg-jpgr-rv9c, ghsa-hq9p-pm7w-8p54, ghsa-j288-q9x7-2f5v, ghsa-m4cv-j2px-7723, ghsa-mj4r-2hfc-f8p6, ghsa-p93r-85wp-75v3, ghsa-pwqr-wmgm-9rr8, ghsa-rc95-pcm8-65v9, ghsa-rwm7-x88c-3g2p, ghsa-v8h7-rr48-vmmv, ghsa-w9fj-cfpg-grvv, ghsa-wg6q-6289-32hp, ghsa-xxqh-mfjm-7mv9 applied in versions: 26.1.4-r1, 26.4.11-r0, 26.4.11-r2",
  "upstream": [
    "CVE-2025-59250",
    "CVE-2026-1002",
    "CVE-2026-33870",
    "CVE-2026-33871",
    "CVE-2026-39852",
    "CVE-2026-41417",
    "CVE-2026-42198",
    "CVE-2026-42577",
    "CVE-2026-42578",
    "CVE-2026-42579",
    "CVE-2026-42580",
    "CVE-2026-42581",
    "CVE-2026-42583",
    "CVE-2026-42584",
    "CVE-2026-42585",
    "CVE-2026-42587",
    "CVE-2026-5588",
    "CVE-2026-5598",
    "ghsa-38f8-5428-x5cv",
    "ghsa-3p8m-j85q-pgmj",
    "ghsa-45p5-v273-3qqr",
    "ghsa-45q3-82m4-75jr",
    "ghsa-4cx2-fc23-5wg6",
    "ghsa-57rv-r2g8-2cj3",
    "ghsa-9342-92gg-6v29",
    "ghsa-98qh-xjc8-98pq",
    "ghsa-c3fc-8qff-9hwx",
    "ghsa-cm33-6792-r9fm",
    "ghsa-cphf-4846-3xx9",
    "ghsa-fghv-69vj-qj49",
    "ghsa-h5fg-jpgr-rv9c",
    "ghsa-hq9p-pm7w-8p54",
    "ghsa-j288-q9x7-2f5v",
    "ghsa-m4cv-j2px-7723",
    "ghsa-mj4r-2hfc-f8p6",
    "ghsa-p93r-85wp-75v3",
    "ghsa-pwqr-wmgm-9rr8",
    "ghsa-rc95-pcm8-65v9",
    "ghsa-rwm7-x88c-3g2p",
    "ghsa-v8h7-rr48-vmmv",
    "ghsa-w9fj-cfpg-grvv",
    "ghsa-wg6q-6289-32hp",
    "ghsa-xxqh-mfjm-7mv9"
  ]
}

FKIE_CVE-2026-5598

Vulnerability from fkie_nvd - Published: 2026-04-15 10:16 - Updated: 2026-05-19 00:16

Severity

8.9 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U/S:P/AU:Y/U:Red

Summary

References

	URL	Tags
	91579145-5d7b-4cc5-b925-a0262ff19630	https://github.com/bcgit/bc-java/commit/8692e6b2b191fc4aafa32545c7a78bdb9bf110c5
	91579145-5d7b-4cc5-b925-a0262ff19630	https://github.com/bcgit/bc-java/commit/94abbd56413dfdac651fd878bc60253871ef5e87
	91579145-5d7b-4cc5-b925-a0262ff19630	https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%905598

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules).\n\n This vulnerability is associated with program files FrodoEngine.Java.\n\n\n\nThis issue affects BC-JAVA: from 1.71 before 1.80.2, from 1.81 before 1.80.1, from 1.82 before 1.84."
    }
  ],
  "id": "CVE-2026-5598",
  "lastModified": "2026-05-19T00:16:37.773",
  "metrics": {
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "YES",
          "Recovery": "NOT_DEFINED",
          "Safety": "PRESENT",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 8.9,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "UNREPORTED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "RED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "HIGH",
          "subIntegrityImpact": "HIGH",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:X/V:X/RE:X/U:Red",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "91579145-5d7b-4cc5-b925-a0262ff19630",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-04-15T10:16:49.757",
  "references": [
    {
      "source": "91579145-5d7b-4cc5-b925-a0262ff19630",
      "url": "https://github.com/bcgit/bc-java/commit/8692e6b2b191fc4aafa32545c7a78bdb9bf110c5"
    },
    {
      "source": "91579145-5d7b-4cc5-b925-a0262ff19630",
      "url": "https://github.com/bcgit/bc-java/commit/94abbd56413dfdac651fd878bc60253871ef5e87"
    },
    {
      "source": "91579145-5d7b-4cc5-b925-a0262ff19630",
      "url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%905598"
    }
  ],
  "sourceIdentifier": "91579145-5d7b-4cc5-b925-a0262ff19630",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-385"
        }
      ],
      "source": "91579145-5d7b-4cc5-b925-a0262ff19630",
      "type": "Secondary"
    }
  ]
}

GHSA-P93R-85WP-75V3

Vulnerability from github – Published: 2026-04-17 18:31 – Updated: 2026-04-25 23:25

Summary

Bouncy Castle Has Covert Timing Channel Vulnerability

Details

Severity

8.9 (High)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U/S:P/AU:Y/U:Red

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.bouncycastle:bcprov-jdk15to18"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.71"
            },
            {
              "fixed": "1.84"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.bouncycastle:bcprov-jdk14"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.71"
            },
            {
              "fixed": "1.84"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.bouncycastle:bcprov-jdk18on"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.71"
            },
            {
              "fixed": "1.84"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-5598"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-385"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-25T23:25:24Z",
    "nvd_published_at": "2026-04-15T10:16:49Z",
    "severity": "HIGH"
  },
  "details": "Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules). This vulnerability is associated with program files FrodoEngine.Java. This issue affects BC-JAVA: from 1.71 before 1.84.",
  "id": "GHSA-p93r-85wp-75v3",
  "modified": "2026-04-25T23:25:24Z",
  "published": "2026-04-17T18:31:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5598"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bcgit/bc-java/commit/8692e6b2b191fc4aafa32545c7a78bdb9bf110c5"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bcgit/bc-java/commit/94abbd56413dfdac651fd878bc60253871ef5e87"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/bcgit/bc-java"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bcgit/bc-java/wiki/CVE-2026-5598"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U/S:P/AU:Y/U:Red",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Bouncy Castle Has Covert Timing Channel Vulnerability"
}

OPENSUSE-SU-2026:10571-1

Vulnerability from csaf_opensuse - Published: 2026-04-18 00:00 - Updated: 2026-04-18 00:00

Summary

bouncycastle-1.84-1.1 on GA media

Severity

Moderate

Notes

Title of the patch: bouncycastle-1.84-1.1 on GA media

Description of the patch: These are all security issues fixed in the bouncycastle-1.84-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2026-10571

CVE-2025-14813

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Affected products

Recommended 32 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.84-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.84-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.84-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.84-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-0636

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Recommended 32 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.84-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.84-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.84-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.84-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2026-3505

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 32 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.84-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.84-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.84-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.84-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2026-5588

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Recommended 32 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.84-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.84-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.84-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.84-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2026-5598

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Affected products

Recommended 32 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.84-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.84-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.84-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.84-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.x86_64	—	Vendor Fix

Threats

Impact important

References

17 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2025-14813/	self
https://www.suse.com/security/cve/CVE-2026-0636/	self
https://www.suse.com/security/cve/CVE-2026-3505/	self
https://www.suse.com/security/cve/CVE-2026-5588/	self
https://www.suse.com/security/cve/CVE-2026-5598/	self
https://www.suse.com/security/cve/CVE-2025-14813	external
https://bugzilla.suse.com/1262225	external
https://www.suse.com/security/cve/CVE-2026-0636	external
https://bugzilla.suse.com/1262226	external
https://www.suse.com/security/cve/CVE-2026-3505	external
https://bugzilla.suse.com/1262232	external
https://www.suse.com/security/cve/CVE-2026-5588	external
https://bugzilla.suse.com/1262228	external
https://www.suse.com/security/cve/CVE-2026-5598	external
https://bugzilla.suse.com/1262227	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "bouncycastle-1.84-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the bouncycastle-1.84-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2026-10571",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10571-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-14813 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-14813/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-0636 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-0636/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-3505 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-3505/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-5588 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-5588/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-5598 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-5598/"
      }
    ],
    "title": "bouncycastle-1.84-1.1 on GA media",
    "tracking": {
      "current_release_date": "2026-04-18T00:00:00Z",
      "generator": {
        "date": "2026-04-18T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2026:10571-1",
      "initial_release_date": "2026-04-18T00:00:00Z",
      "revision_history": [
        {
          "date": "2026-04-18T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "bouncycastle-1.84-1.1.aarch64",
                "product": {
                  "name": "bouncycastle-1.84-1.1.aarch64",
                  "product_id": "bouncycastle-1.84-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "bouncycastle-javadoc-1.84-1.1.aarch64",
                "product": {
                  "name": "bouncycastle-javadoc-1.84-1.1.aarch64",
                  "product_id": "bouncycastle-javadoc-1.84-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "bouncycastle-jmail-1.84-1.1.aarch64",
                "product": {
                  "name": "bouncycastle-jmail-1.84-1.1.aarch64",
                  "product_id": "bouncycastle-jmail-1.84-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "bouncycastle-mail-1.84-1.1.aarch64",
                "product": {
                  "name": "bouncycastle-mail-1.84-1.1.aarch64",
                  "product_id": "bouncycastle-mail-1.84-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "bouncycastle-pg-1.84-1.1.aarch64",
                "product": {
                  "name": "bouncycastle-pg-1.84-1.1.aarch64",
                  "product_id": "bouncycastle-pg-1.84-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "bouncycastle-pkix-1.84-1.1.aarch64",
                "product": {
                  "name": "bouncycastle-pkix-1.84-1.1.aarch64",
                  "product_id": "bouncycastle-pkix-1.84-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "bouncycastle-tls-1.84-1.1.aarch64",
                "product": {
                  "name": "bouncycastle-tls-1.84-1.1.aarch64",
                  "product_id": "bouncycastle-tls-1.84-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "bouncycastle-util-1.84-1.1.aarch64",
                "product": {
                  "name": "bouncycastle-util-1.84-1.1.aarch64",
                  "product_id": "bouncycastle-util-1.84-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "bouncycastle-1.84-1.1.ppc64le",
                "product": {
                  "name": "bouncycastle-1.84-1.1.ppc64le",
                  "product_id": "bouncycastle-1.84-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "bouncycastle-javadoc-1.84-1.1.ppc64le",
                "product": {
                  "name": "bouncycastle-javadoc-1.84-1.1.ppc64le",
                  "product_id": "bouncycastle-javadoc-1.84-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "bouncycastle-jmail-1.84-1.1.ppc64le",
                "product": {
                  "name": "bouncycastle-jmail-1.84-1.1.ppc64le",
                  "product_id": "bouncycastle-jmail-1.84-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "bouncycastle-mail-1.84-1.1.ppc64le",
                "product": {
                  "name": "bouncycastle-mail-1.84-1.1.ppc64le",
                  "product_id": "bouncycastle-mail-1.84-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "bouncycastle-pg-1.84-1.1.ppc64le",
                "product": {
                  "name": "bouncycastle-pg-1.84-1.1.ppc64le",
                  "product_id": "bouncycastle-pg-1.84-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "bouncycastle-pkix-1.84-1.1.ppc64le",
                "product": {
                  "name": "bouncycastle-pkix-1.84-1.1.ppc64le",
                  "product_id": "bouncycastle-pkix-1.84-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "bouncycastle-tls-1.84-1.1.ppc64le",
                "product": {
                  "name": "bouncycastle-tls-1.84-1.1.ppc64le",
                  "product_id": "bouncycastle-tls-1.84-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "bouncycastle-util-1.84-1.1.ppc64le",
                "product": {
                  "name": "bouncycastle-util-1.84-1.1.ppc64le",
                  "product_id": "bouncycastle-util-1.84-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "bouncycastle-1.84-1.1.s390x",
                "product": {
                  "name": "bouncycastle-1.84-1.1.s390x",
                  "product_id": "bouncycastle-1.84-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "bouncycastle-javadoc-1.84-1.1.s390x",
                "product": {
                  "name": "bouncycastle-javadoc-1.84-1.1.s390x",
                  "product_id": "bouncycastle-javadoc-1.84-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "bouncycastle-jmail-1.84-1.1.s390x",
                "product": {
                  "name": "bouncycastle-jmail-1.84-1.1.s390x",
                  "product_id": "bouncycastle-jmail-1.84-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "bouncycastle-mail-1.84-1.1.s390x",
                "product": {
                  "name": "bouncycastle-mail-1.84-1.1.s390x",
                  "product_id": "bouncycastle-mail-1.84-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "bouncycastle-pg-1.84-1.1.s390x",
                "product": {
                  "name": "bouncycastle-pg-1.84-1.1.s390x",
                  "product_id": "bouncycastle-pg-1.84-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "bouncycastle-pkix-1.84-1.1.s390x",
                "product": {
                  "name": "bouncycastle-pkix-1.84-1.1.s390x",
                  "product_id": "bouncycastle-pkix-1.84-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "bouncycastle-tls-1.84-1.1.s390x",
                "product": {
                  "name": "bouncycastle-tls-1.84-1.1.s390x",
                  "product_id": "bouncycastle-tls-1.84-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "bouncycastle-util-1.84-1.1.s390x",
                "product": {
                  "name": "bouncycastle-util-1.84-1.1.s390x",
                  "product_id": "bouncycastle-util-1.84-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "bouncycastle-1.84-1.1.x86_64",
                "product": {
                  "name": "bouncycastle-1.84-1.1.x86_64",
                  "product_id": "bouncycastle-1.84-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "bouncycastle-javadoc-1.84-1.1.x86_64",
                "product": {
                  "name": "bouncycastle-javadoc-1.84-1.1.x86_64",
                  "product_id": "bouncycastle-javadoc-1.84-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "bouncycastle-jmail-1.84-1.1.x86_64",
                "product": {
                  "name": "bouncycastle-jmail-1.84-1.1.x86_64",
                  "product_id": "bouncycastle-jmail-1.84-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "bouncycastle-mail-1.84-1.1.x86_64",
                "product": {
                  "name": "bouncycastle-mail-1.84-1.1.x86_64",
                  "product_id": "bouncycastle-mail-1.84-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "bouncycastle-pg-1.84-1.1.x86_64",
                "product": {
                  "name": "bouncycastle-pg-1.84-1.1.x86_64",
                  "product_id": "bouncycastle-pg-1.84-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "bouncycastle-pkix-1.84-1.1.x86_64",
                "product": {
                  "name": "bouncycastle-pkix-1.84-1.1.x86_64",
                  "product_id": "bouncycastle-pkix-1.84-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "bouncycastle-tls-1.84-1.1.x86_64",
                "product": {
                  "name": "bouncycastle-tls-1.84-1.1.x86_64",
                  "product_id": "bouncycastle-tls-1.84-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "bouncycastle-util-1.84-1.1.x86_64",
                "product": {
                  "name": "bouncycastle-util-1.84-1.1.x86_64",
                  "product_id": "bouncycastle-util-1.84-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bouncycastle-1.84-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:bouncycastle-1.84-1.1.aarch64"
        },
        "product_reference": "bouncycastle-1.84-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bouncycastle-1.84-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:bouncycastle-1.84-1.1.ppc64le"
        },
        "product_reference": "bouncycastle-1.84-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bouncycastle-1.84-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:bouncycastle-1.84-1.1.s390x"
        },
        "product_reference": "bouncycastle-1.84-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bouncycastle-1.84-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:bouncycastle-1.84-1.1.x86_64"
        },
        "product_reference": "bouncycastle-1.84-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bouncycastle-javadoc-1.84-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.aarch64"
        },
        "product_reference": "bouncycastle-javadoc-1.84-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bouncycastle-javadoc-1.84-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.ppc64le"
        },
        "product_reference": "bouncycastle-javadoc-1.84-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bouncycastle-javadoc-1.84-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.s390x"
        },
        "product_reference": "bouncycastle-javadoc-1.84-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bouncycastle-javadoc-1.84-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.x86_64"
        },
        "product_reference": "bouncycastle-javadoc-1.84-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bouncycastle-jmail-1.84-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.aarch64"
        },
        "product_reference": "bouncycastle-jmail-1.84-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bouncycastle-jmail-1.84-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.ppc64le"
        },
        "product_reference": "bouncycastle-jmail-1.84-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bouncycastle-jmail-1.84-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.s390x"
        },
        "product_reference": "bouncycastle-jmail-1.84-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bouncycastle-jmail-1.84-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.x86_64"
        },
        "product_reference": "bouncycastle-jmail-1.84-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bouncycastle-mail-1.84-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.aarch64"
        },
        "product_reference": "bouncycastle-mail-1.84-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bouncycastle-mail-1.84-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.ppc64le"
        },
        "product_reference": "bouncycastle-mail-1.84-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bouncycastle-mail-1.84-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.s390x"
        },
        "product_reference": "bouncycastle-mail-1.84-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bouncycastle-mail-1.84-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.x86_64"
        },
        "product_reference": "bouncycastle-mail-1.84-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bouncycastle-pg-1.84-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.aarch64"
        },
        "product_reference": "bouncycastle-pg-1.84-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bouncycastle-pg-1.84-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.ppc64le"
        },
        "product_reference": "bouncycastle-pg-1.84-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bouncycastle-pg-1.84-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.s390x"
        },
        "product_reference": "bouncycastle-pg-1.84-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bouncycastle-pg-1.84-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.x86_64"
        },
        "product_reference": "bouncycastle-pg-1.84-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bouncycastle-pkix-1.84-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.aarch64"
        },
        "product_reference": "bouncycastle-pkix-1.84-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bouncycastle-pkix-1.84-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.ppc64le"
        },
        "product_reference": "bouncycastle-pkix-1.84-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bouncycastle-pkix-1.84-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.s390x"
        },
        "product_reference": "bouncycastle-pkix-1.84-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bouncycastle-pkix-1.84-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.x86_64"
        },
        "product_reference": "bouncycastle-pkix-1.84-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bouncycastle-tls-1.84-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.aarch64"
        },
        "product_reference": "bouncycastle-tls-1.84-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bouncycastle-tls-1.84-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.ppc64le"
        },
        "product_reference": "bouncycastle-tls-1.84-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bouncycastle-tls-1.84-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.s390x"
        },
        "product_reference": "bouncycastle-tls-1.84-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bouncycastle-tls-1.84-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.x86_64"
        },
        "product_reference": "bouncycastle-tls-1.84-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bouncycastle-util-1.84-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.aarch64"
        },
        "product_reference": "bouncycastle-util-1.84-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bouncycastle-util-1.84-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.ppc64le"
        },
        "product_reference": "bouncycastle-util-1.84-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bouncycastle-util-1.84-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.s390x"
        },
        "product_reference": "bouncycastle-util-1.84-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bouncycastle-util-1.84-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.x86_64"
        },
        "product_reference": "bouncycastle-util-1.84-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-14813",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-14813"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (core modules). This vulnerability is associated with program files G3413CTRBlockCipher.\n\nGOSTCTR implementation unable to process more than 255 blocks correctly.\n\n\nThis issue affects BC-JAVA: from 1.59 before 1.84.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:bouncycastle-1.84-1.1.aarch64",
          "openSUSE Tumbleweed:bouncycastle-1.84-1.1.ppc64le",
          "openSUSE Tumbleweed:bouncycastle-1.84-1.1.s390x",
          "openSUSE Tumbleweed:bouncycastle-1.84-1.1.x86_64",
          "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.aarch64",
          "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.ppc64le",
          "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.s390x",
          "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.x86_64",
          "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.aarch64",
          "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.ppc64le",
          "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.s390x",
          "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.x86_64",
          "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.aarch64",
          "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.ppc64le",
          "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.s390x",
          "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.x86_64",
          "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.aarch64",
          "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.ppc64le",
          "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.s390x",
          "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.x86_64",
          "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.aarch64",
          "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.ppc64le",
          "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.s390x",
          "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.x86_64",
          "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.aarch64",
          "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.ppc64le",
          "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.s390x",
          "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.x86_64",
          "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.aarch64",
          "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.ppc64le",
          "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.s390x",
          "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-14813",
          "url": "https://www.suse.com/security/cve/CVE-2025-14813"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1262225 for CVE-2025-14813",
          "url": "https://bugzilla.suse.com/1262225"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:bouncycastle-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:bouncycastle-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-18T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-14813"
    },
    {
      "cve": "CVE-2026-0636",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-0636"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper neutralization of special elements used in an LDAP query (\u0027LDAP injection\u0027) vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (prov modules). This vulnerability is associated with program files LDAPStoreHelper.\n\nThis issue affects BC-JAVA: from 1.74 before 1.84.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:bouncycastle-1.84-1.1.aarch64",
          "openSUSE Tumbleweed:bouncycastle-1.84-1.1.ppc64le",
          "openSUSE Tumbleweed:bouncycastle-1.84-1.1.s390x",
          "openSUSE Tumbleweed:bouncycastle-1.84-1.1.x86_64",
          "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.aarch64",
          "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.ppc64le",
          "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.s390x",
          "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.x86_64",
          "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.aarch64",
          "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.ppc64le",
          "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.s390x",
          "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.x86_64",
          "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.aarch64",
          "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.ppc64le",
          "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.s390x",
          "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.x86_64",
          "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.aarch64",
          "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.ppc64le",
          "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.s390x",
          "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.x86_64",
          "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.aarch64",
          "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.ppc64le",
          "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.s390x",
          "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.x86_64",
          "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.aarch64",
          "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.ppc64le",
          "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.s390x",
          "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.x86_64",
          "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.aarch64",
          "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.ppc64le",
          "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.s390x",
          "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-0636",
          "url": "https://www.suse.com/security/cve/CVE-2026-0636"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1262226 for CVE-2026-0636",
          "url": "https://bugzilla.suse.com/1262226"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:bouncycastle-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:bouncycastle-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-18T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-0636"
    },
    {
      "cve": "CVE-2026-3505",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-3505"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Allocation of resources without limits or throttling vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all (pg modules).This issue affects BC-JAVA: before 1.84.\n\nUnbounded PGP AEAD chunk size leads to pre-auth resource exhaustion.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:bouncycastle-1.84-1.1.aarch64",
          "openSUSE Tumbleweed:bouncycastle-1.84-1.1.ppc64le",
          "openSUSE Tumbleweed:bouncycastle-1.84-1.1.s390x",
          "openSUSE Tumbleweed:bouncycastle-1.84-1.1.x86_64",
          "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.aarch64",
          "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.ppc64le",
          "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.s390x",
          "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.x86_64",
          "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.aarch64",
          "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.ppc64le",
          "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.s390x",
          "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.x86_64",
          "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.aarch64",
          "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.ppc64le",
          "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.s390x",
          "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.x86_64",
          "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.aarch64",
          "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.ppc64le",
          "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.s390x",
          "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.x86_64",
          "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.aarch64",
          "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.ppc64le",
          "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.s390x",
          "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.x86_64",
          "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.aarch64",
          "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.ppc64le",
          "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.s390x",
          "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.x86_64",
          "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.aarch64",
          "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.ppc64le",
          "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.s390x",
          "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-3505",
          "url": "https://www.suse.com/security/cve/CVE-2026-3505"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1262232 for CVE-2026-3505",
          "url": "https://bugzilla.suse.com/1262232"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:bouncycastle-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:bouncycastle-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-18T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-3505"
    },
    {
      "cve": "CVE-2026-5588",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-5588"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": ": Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all (pkix modules).\n\n\nPKIX draft CompositeVerifier accepts empty signature sequence as valid.\n\n\nThis issue affects BC-JAVA: from 1.49 before 1.84.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:bouncycastle-1.84-1.1.aarch64",
          "openSUSE Tumbleweed:bouncycastle-1.84-1.1.ppc64le",
          "openSUSE Tumbleweed:bouncycastle-1.84-1.1.s390x",
          "openSUSE Tumbleweed:bouncycastle-1.84-1.1.x86_64",
          "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.aarch64",
          "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.ppc64le",
          "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.s390x",
          "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.x86_64",
          "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.aarch64",
          "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.ppc64le",
          "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.s390x",
          "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.x86_64",
          "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.aarch64",
          "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.ppc64le",
          "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.s390x",
          "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.x86_64",
          "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.aarch64",
          "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.ppc64le",
          "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.s390x",
          "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.x86_64",
          "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.aarch64",
          "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.ppc64le",
          "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.s390x",
          "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.x86_64",
          "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.aarch64",
          "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.ppc64le",
          "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.s390x",
          "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.x86_64",
          "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.aarch64",
          "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.ppc64le",
          "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.s390x",
          "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-5588",
          "url": "https://www.suse.com/security/cve/CVE-2026-5588"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1262228 for CVE-2026-5588",
          "url": "https://bugzilla.suse.com/1262228"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:bouncycastle-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:bouncycastle-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-18T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-5588"
    },
    {
      "cve": "CVE-2026-5598",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-5598"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules).\n Non-constant time comparisons risk private key leakage in FrodoKEM.\n\nThis issue affects BC-JAVA: from 2.17.3 before 1.84.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:bouncycastle-1.84-1.1.aarch64",
          "openSUSE Tumbleweed:bouncycastle-1.84-1.1.ppc64le",
          "openSUSE Tumbleweed:bouncycastle-1.84-1.1.s390x",
          "openSUSE Tumbleweed:bouncycastle-1.84-1.1.x86_64",
          "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.aarch64",
          "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.ppc64le",
          "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.s390x",
          "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.x86_64",
          "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.aarch64",
          "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.ppc64le",
          "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.s390x",
          "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.x86_64",
          "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.aarch64",
          "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.ppc64le",
          "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.s390x",
          "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.x86_64",
          "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.aarch64",
          "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.ppc64le",
          "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.s390x",
          "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.x86_64",
          "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.aarch64",
          "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.ppc64le",
          "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.s390x",
          "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.x86_64",
          "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.aarch64",
          "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.ppc64le",
          "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.s390x",
          "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.x86_64",
          "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.aarch64",
          "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.ppc64le",
          "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.s390x",
          "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-5598",
          "url": "https://www.suse.com/security/cve/CVE-2026-5598"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1262227 for CVE-2026-5598",
          "url": "https://bugzilla.suse.com/1262227"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:bouncycastle-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:bouncycastle-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-javadoc-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-jmail-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-mail-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-pg-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-pkix-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-tls-1.84-1.1.x86_64",
            "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.aarch64",
            "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.ppc64le",
            "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.s390x",
            "openSUSE Tumbleweed:bouncycastle-util-1.84-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-18T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-5598"
    }
  ]
}

RHSA-2026:12267

Vulnerability from csaf_redhat - Published: 2026-04-30 11:14 - Updated: 2026-05-18 14:17

Summary

Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.24 security update

Severity

Important

Notes

Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4. Security Fix(es): * bouncycastle: BC-JAVA: private key leakage via non-constant time comparisons (CVE-2026-5598) A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section. For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2026-5598

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA core. A covert timing channel vulnerability, caused by non-constant time comparisons, risks the leakage of private keys in the FrodoKEM implementation. An unauthenticated, remote attacker can potentially exploit this timing discrepancy to gain unauthorized access to sensitive cryptographic information.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-385 - Covert Timing Channel

Affected products

Fixed 21 products

Product	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.4-ELS:eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4-ELS:eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4-ELS:eap7-bouncycastle-mail-0:1.84.0-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4-ELS:eap7-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4-ELS:eap7-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4-ELS:eap7-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4-ELS:eap7-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4-ELS:eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4-ELS:eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4-ELS:eap7-bouncycastle-mail-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4-ELS:eap7-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4-ELS:eap7-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4-ELS:eap7-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4-ELS:eap7-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4-ELS:eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4-ELS:eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el9eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4-ELS:eap7-bouncycastle-mail-0:1.84.0-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4-ELS:eap7-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4-ELS:eap7-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4-ELS:eap7-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-JBEAP-7.4-ELS:eap7-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el9eap.noarch	—	Vendor Fix fix Workaround

Threats

Impact Important

References

13 references

URL	Category
https://access.redhat.com/errata/RHSA-2026:12267	self
https://access.redhat.com/security/updates/classi…	external
https://docs.redhat.com/en/documentation/red_hat_…	external
https://docs.redhat.com/en/documentation/red_hat_…	external
https://access.redhat.com/articles/7137599	external
https://bugzilla.redhat.com/show_bug.cgi?id=2458635	external
https://issues.redhat.com/browse/JBEAP-32774	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2026-5598	self
https://bugzilla.redhat.com/show_bug.cgi?id=2458635	external
https://www.cve.org/CVERecord?id=CVE-2026-5598	external
https://nvd.nist.gov/vuln/detail/CVE-2026-5598	external
https://github.com/bcgit/bc-java/wiki/CVE%E2%80%9…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4.\n\nSecurity Fix(es):\n\n* bouncycastle: BC-JAVA: private key leakage via non-constant time comparisons (CVE-2026-5598)\n\nA Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:12267",
        "url": "https://access.redhat.com/errata/RHSA-2026:12267"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4",
        "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index",
        "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/articles/7137599",
        "url": "https://access.redhat.com/articles/7137599"
      },
      {
        "category": "external",
        "summary": "2458635",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458635"
      },
      {
        "category": "external",
        "summary": "JBEAP-32774",
        "url": "https://issues.redhat.com/browse/JBEAP-32774"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_12267.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.24 security update",
    "tracking": {
      "current_release_date": "2026-05-18T14:17:35+00:00",
      "generator": {
        "date": "2026-05-18T14:17:35+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.0"
        }
      },
      "id": "RHSA-2026:12267",
      "initial_release_date": "2026-04-30T11:14:58+00:00",
      "revision_history": [
        {
          "date": "2026-04-30T11:14:58+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-04-30T11:14:58+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-18T14:17:35+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
                "product": {
                  "name": "Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
                  "product_id": "7Server-JBEAP-7.4-ELS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat JBoss EAP 7.4 ELS for RHEL 8",
                "product": {
                  "name": "Red Hat JBoss EAP 7.4 ELS for RHEL 8",
                  "product_id": "8Base-JBEAP-7.4-ELS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat JBoss EAP 7.4 ELS for RHEL 9",
                "product": {
                  "name": "Red Hat JBoss EAP 7.4 ELS for RHEL 9",
                  "product_id": "9Base-JBEAP-7.4-ELS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Enterprise Application Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el7eap.src",
                  "product_id": "eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-bouncycastle@1.84.0-1.redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
                  "product_id": "eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-bouncycastle@1.84.0-1.redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el9eap.src",
                "product": {
                  "name": "eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el9eap.src",
                  "product_id": "eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el9eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-bouncycastle@1.84.0-1.redhat_00001.1.el9eap?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-bouncycastle@1.84.0-1.redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-bouncycastle-mail-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-bouncycastle-mail-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-bouncycastle-mail-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-bouncycastle-mail@1.84.0-1.redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-bouncycastle-pg@1.84.0-1.redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-bouncycastle-pkix@1.84.0-1.redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-bouncycastle-prov@1.84.0-1.redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-bouncycastle-util@1.84.0-1.redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-bouncycastle@1.84.0-1.redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-bouncycastle-mail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-bouncycastle-mail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-bouncycastle-mail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-bouncycastle-mail@1.84.0-1.redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-bouncycastle-pg@1.84.0-1.redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-bouncycastle-pkix@1.84.0-1.redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-bouncycastle-prov@1.84.0-1.redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-bouncycastle-util@1.84.0-1.redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-bouncycastle@1.84.0-1.redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-bouncycastle-mail-0:1.84.0-1.redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-bouncycastle-mail-0:1.84.0-1.redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-bouncycastle-mail-0:1.84.0-1.redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-bouncycastle-mail@1.84.0-1.redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-bouncycastle-pg@1.84.0-1.redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-bouncycastle-pkix@1.84.0-1.redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-bouncycastle-prov@1.84.0-1.redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el9eap.noarch",
                "product": {
                  "name": "eap7-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el9eap.noarch",
                  "product_id": "eap7-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el9eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-bouncycastle-util@1.84.0-1.redhat_00001.1.el9eap?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4-ELS:eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4-ELS:eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-bouncycastle-mail-0:1.84.0-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4-ELS:eap7-bouncycastle-mail-0:1.84.0-1.redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-bouncycastle-mail-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4-ELS:eap7-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4-ELS:eap7-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4-ELS:eap7-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4-ELS:eap7-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
          "product_id": "8Base-JBEAP-7.4-ELS:eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
          "product_id": "8Base-JBEAP-7.4-ELS:eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-bouncycastle-mail-0:1.84.0-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
          "product_id": "8Base-JBEAP-7.4-ELS:eap7-bouncycastle-mail-0:1.84.0-1.redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-bouncycastle-mail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
          "product_id": "8Base-JBEAP-7.4-ELS:eap7-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
          "product_id": "8Base-JBEAP-7.4-ELS:eap7-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
          "product_id": "8Base-JBEAP-7.4-ELS:eap7-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
          "product_id": "8Base-JBEAP-7.4-ELS:eap7-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
          "product_id": "9Base-JBEAP-7.4-ELS:eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
          "product_id": "9Base-JBEAP-7.4-ELS:eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el9eap.src"
        },
        "product_reference": "eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el9eap.src",
        "relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-bouncycastle-mail-0:1.84.0-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
          "product_id": "9Base-JBEAP-7.4-ELS:eap7-bouncycastle-mail-0:1.84.0-1.redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-bouncycastle-mail-0:1.84.0-1.redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
          "product_id": "9Base-JBEAP-7.4-ELS:eap7-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
          "product_id": "9Base-JBEAP-7.4-ELS:eap7-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
          "product_id": "9Base-JBEAP-7.4-ELS:eap7-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
          "product_id": "9Base-JBEAP-7.4-ELS:eap7-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el9eap.noarch"
        },
        "product_reference": "eap7-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el9eap.noarch",
        "relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-5598",
      "cwe": {
        "id": "CWE-385",
        "name": "Covert Timing Channel"
      },
      "discovery_date": "2026-04-15T10:01:04.531185+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2458635"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA core. A covert timing channel vulnerability, caused by non-constant time comparisons, risks the leakage of private keys in the FrodoKEM implementation. An unauthenticated, remote attacker can potentially exploit this timing discrepancy to gain unauthorized access to sensitive cryptographic information.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "bouncycastle: BC-JAVA: private key leakage via non-constant time comparisons",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this issue, an unauthenticated attacker needs to send highly specific, malformed ciphertexts to the target server. These payloads are used to interact with the private key of the server in a way that the vulnerable, non-constant time code paths are triggered during the verification step. An attack typically requires sending a large volume of these requests to perform statistical analysis on the resulting timing variations, increasing its complexity.\nThe primary security impact of this vulnerability is the potential leakage of private keys associated with the FrodoKEM implementation. This can compromise encrypted communications or authentication mechanisms.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.4-ELS:eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4-ELS:eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4-ELS:eap7-bouncycastle-mail-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4-ELS:eap7-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4-ELS:eap7-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4-ELS:eap7-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4-ELS:eap7-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
          "8Base-JBEAP-7.4-ELS:eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4-ELS:eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4-ELS:eap7-bouncycastle-mail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4-ELS:eap7-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4-ELS:eap7-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4-ELS:eap7-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4-ELS:eap7-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "9Base-JBEAP-7.4-ELS:eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4-ELS:eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el9eap.src",
          "9Base-JBEAP-7.4-ELS:eap7-bouncycastle-mail-0:1.84.0-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4-ELS:eap7-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4-ELS:eap7-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4-ELS:eap7-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el9eap.noarch",
          "9Base-JBEAP-7.4-ELS:eap7-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el9eap.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-5598"
        },
        {
          "category": "external",
          "summary": "RHBZ#2458635",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458635"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-5598",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-5598"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-5598",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5598"
        },
        {
          "category": "external",
          "summary": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%905998",
          "url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%905998"
        }
      ],
      "release_date": "2026-04-15T09:05:56.277000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-30T11:14:58+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.4-ELS:eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4-ELS:eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4-ELS:eap7-bouncycastle-mail-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4-ELS:eap7-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4-ELS:eap7-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4-ELS:eap7-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4-ELS:eap7-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
            "8Base-JBEAP-7.4-ELS:eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4-ELS:eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4-ELS:eap7-bouncycastle-mail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4-ELS:eap7-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4-ELS:eap7-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4-ELS:eap7-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4-ELS:eap7-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "9Base-JBEAP-7.4-ELS:eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4-ELS:eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4-ELS:eap7-bouncycastle-mail-0:1.84.0-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4-ELS:eap7-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4-ELS:eap7-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4-ELS:eap7-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4-ELS:eap7-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el9eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:12267"
        },
        {
          "category": "workaround",
          "details": "To mitigate this vulnerability, implement aggressive rate limiting and anomaly detection, specifically looking for unusual, high-frequency cryptographic handshake failures or anomalous traffic patterns targeting endpoints that handle key exchanges in the network logs.",
          "product_ids": [
            "7Server-JBEAP-7.4-ELS:eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4-ELS:eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4-ELS:eap7-bouncycastle-mail-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4-ELS:eap7-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4-ELS:eap7-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4-ELS:eap7-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4-ELS:eap7-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
            "8Base-JBEAP-7.4-ELS:eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4-ELS:eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4-ELS:eap7-bouncycastle-mail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4-ELS:eap7-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4-ELS:eap7-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4-ELS:eap7-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4-ELS:eap7-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "9Base-JBEAP-7.4-ELS:eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4-ELS:eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4-ELS:eap7-bouncycastle-mail-0:1.84.0-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4-ELS:eap7-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4-ELS:eap7-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4-ELS:eap7-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4-ELS:eap7-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el9eap.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.4-ELS:eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4-ELS:eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4-ELS:eap7-bouncycastle-mail-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4-ELS:eap7-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4-ELS:eap7-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4-ELS:eap7-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4-ELS:eap7-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el7eap.noarch",
            "8Base-JBEAP-7.4-ELS:eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4-ELS:eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4-ELS:eap7-bouncycastle-mail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4-ELS:eap7-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4-ELS:eap7-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4-ELS:eap7-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4-ELS:eap7-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "9Base-JBEAP-7.4-ELS:eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4-ELS:eap7-bouncycastle-0:1.84.0-1.redhat_00001.1.el9eap.src",
            "9Base-JBEAP-7.4-ELS:eap7-bouncycastle-mail-0:1.84.0-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4-ELS:eap7-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4-ELS:eap7-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4-ELS:eap7-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el9eap.noarch",
            "9Base-JBEAP-7.4-ELS:eap7-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el9eap.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "bouncycastle: BC-JAVA: private key leakage via non-constant time comparisons"
    }
  ]
}

RHSA-2026:12269

Vulnerability from csaf_redhat - Published: 2026-04-30 11:09 - Updated: 2026-05-18 14:17

Summary

Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.24 security update

Severity

Important

Notes

CVE-2026-5598

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-385 - Covert Timing Channel

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat JBoss Enterprise Application Platform 7 Red Hat / Red Hat JBoss Enterprise Application Platform	`cpe:/a:redhat:jboss_enterprise_application_platform:7.4`	—	Vendor Fix fix Workaround

Threats

Impact Important

References

13 references

URL	Category
https://access.redhat.com/errata/RHSA-2026:12269	self
https://access.redhat.com/security/updates/classi…	external
https://docs.redhat.com/en/documentation/red_hat_…	external
https://docs.redhat.com/en/documentation/red_hat_…	external
https://access.redhat.com/articles/7137599	external
https://bugzilla.redhat.com/show_bug.cgi?id=2458635	external
https://issues.redhat.com/browse/JBEAP-32774	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2026-5598	self
https://bugzilla.redhat.com/show_bug.cgi?id=2458635	external
https://www.cve.org/CVERecord?id=CVE-2026-5598	external
https://nvd.nist.gov/vuln/detail/CVE-2026-5598	external
https://github.com/bcgit/bc-java/wiki/CVE%E2%80%9…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4.\n\nSecurity Fix(es):\n\n* bouncycastle: BC-JAVA: private key leakage via non-constant time comparisons (CVE-2026-5598)\n\nA Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:12269",
        "url": "https://access.redhat.com/errata/RHSA-2026:12269"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4",
        "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index",
        "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/articles/7137599",
        "url": "https://access.redhat.com/articles/7137599"
      },
      {
        "category": "external",
        "summary": "2458635",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458635"
      },
      {
        "category": "external",
        "summary": "JBEAP-32774",
        "url": "https://issues.redhat.com/browse/JBEAP-32774"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_12269.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.24 security update",
    "tracking": {
      "current_release_date": "2026-05-18T14:17:36+00:00",
      "generator": {
        "date": "2026-05-18T14:17:36+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.0"
        }
      },
      "id": "RHSA-2026:12269",
      "initial_release_date": "2026-04-30T11:09:52+00:00",
      "revision_history": [
        {
          "date": "2026-04-30T11:09:52+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-04-30T11:09:52+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-18T14:17:36+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Enterprise Application Platform 7",
                "product": {
                  "name": "Red Hat JBoss Enterprise Application Platform 7",
                  "product_id": "Red Hat JBoss Enterprise Application Platform 7",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Enterprise Application Platform"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-5598",
      "cwe": {
        "id": "CWE-385",
        "name": "Covert Timing Channel"
      },
      "discovery_date": "2026-04-15T10:01:04.531185+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2458635"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA core. A covert timing channel vulnerability, caused by non-constant time comparisons, risks the leakage of private keys in the FrodoKEM implementation. An unauthenticated, remote attacker can potentially exploit this timing discrepancy to gain unauthorized access to sensitive cryptographic information.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "bouncycastle: BC-JAVA: private key leakage via non-constant time comparisons",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this issue, an unauthenticated attacker needs to send highly specific, malformed ciphertexts to the target server. These payloads are used to interact with the private key of the server in a way that the vulnerable, non-constant time code paths are triggered during the verification step. An attack typically requires sending a large volume of these requests to perform statistical analysis on the resulting timing variations, increasing its complexity.\nThe primary security impact of this vulnerability is the potential leakage of private keys associated with the FrodoKEM implementation. This can compromise encrypted communications or authentication mechanisms.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Enterprise Application Platform 7"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-5598"
        },
        {
          "category": "external",
          "summary": "RHBZ#2458635",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458635"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-5598",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-5598"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-5598",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5598"
        },
        {
          "category": "external",
          "summary": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%905998",
          "url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%905998"
        }
      ],
      "release_date": "2026-04-15T09:05:56.277000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-30T11:09:52+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat JBoss Enterprise Application Platform 7"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:12269"
        },
        {
          "category": "workaround",
          "details": "To mitigate this vulnerability, implement aggressive rate limiting and anomaly detection, specifically looking for unusual, high-frequency cryptographic handshake failures or anomalous traffic patterns targeting endpoints that handle key exchanges in the network logs.",
          "product_ids": [
            "Red Hat JBoss Enterprise Application Platform 7"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat JBoss Enterprise Application Platform 7"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "bouncycastle: BC-JAVA: private key leakage via non-constant time comparisons"
    }
  ]
}

RHSA-2026:18054

Vulnerability from csaf_redhat - Published: 2026-05-18 12:24 - Updated: 2026-05-26 08:48

Summary

Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.1.6 security update

Severity

Important

Notes

Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform 8.1 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.1.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.1.5, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 8.1.6 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * bcprov-jdk18on: GOSTCTR implementation unable to process more than 255 blocks correctly (CVE-2025-14813) *bouncycastle: BC-JAVA: GOSTCTR implementation unable to process more than 255 blocks correctly (CVE-2025-14813) * bouncycastle: BC-JAVA: unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion (CVE-2026-3505) * bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid (CVE-2026-5588) * bcprov-ext-jdk15on: LDAP injection vulnerability in LDAPStoreHelper.java (CVE-2026-0636) * bcprov-jdk12: private key leakage via non-constant time comparisons (CVE-2026-5598) * netty-codec-http: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood (CVE-2026-33871) * netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values (CVE-2026-33870) * artemis-server: Apache Artemis, Apache ActiveMQ Artemis: Message injection and exfiltration due to missing authentication (CVE-2026-27446) * org.hibernate.orm/hibernate-c3p0: c3p0: Arbitrary Code Execution via deserialization of crafted objects [(CVE-2026-27830) * org.keycloak-keycloak-parent: Minimatch: Denial of Service via catastrophic backtracking in glob expressions (CVE-2026-27904) * mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects (CVE-2026-27727) * io.hawt-project: minimatch: Denial of Service via specially crafted glob patterns (CVE-2026-26996) * wildfly-elytron-integration: Wildfly Elytron Brute Force Attack via CLI (CVE-2025-23368) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-14813

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The `GOSTCTR` implementation is unable to securely process more than 255 blocks of data due to keystream reuse. This issue allows an attacker to break the fundamental confidentiality of any data protected by the `G3413CTRBlockCipher`, potentially leading to the recovery and access of encrypted data.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

Affected products

Fixed 7 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround

Known not affected 102 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src	—	Workaround

Threats

Impact Important

CVE-2025-23368

A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-307 - Improper Restriction of Excessive Authentication Attempts

Affected products

Fixed 5 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch	—	Vendor Fix fix Workaround

Known not affected 104 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src	—	Workaround

Threats

Impact Important

CVE-2026-0636

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The `LDAPStoreHelper` implementation fails to properly neutralize special elements in user-supplied input before incorporating them into LDAP queries. This allows a remote attacker to execute an LDAP injection attack by supplying crafted input, potentially leading to disclosure of sensitive information or the manipulation of directory search queries.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-90 - Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

Affected products

Fixed 7 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround

Known not affected 102 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src	—	Workaround

Threats

Impact Important

CVE-2026-3505

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpg. A specially crafted PGP AEAD (Authenticated Encryption with Associated Data) message with an unbounded chunk size can lead to an excessive consumption of memory. This issue allows an unauthenticated remote attacker to cause memory exhaustion in a JVM, resulting in a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 7 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround

Known not affected 102 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src	—	Workaround

Threats

Impact Important

CVE-2026-5588

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix. The PKIX draft `CompositeVerifier` implementation improperly accepts an empty signature sequence as a valid cryptographic signature. This issue allows a remote attacker to bypass signature verification mechanisms, potentially compromising the authenticity and integrity of data.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-347 - Improper Verification of Cryptographic Signature

Affected products

Fixed 7 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround

Known not affected 102 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src	—	Workaround

Threats

Impact Important

CVE-2026-5598

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-385 - Covert Timing Channel

Affected products

Fixed 7 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround

Known not affected 102 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src	—	Workaround

Threats

Impact Important

CVE-2026-26996

A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-1333 - Inefficient Regular Expression Complexity

Affected products

Fixed 5 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch	—	Vendor Fix fix

Known not affected 104 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src		—

Threats

Impact Moderate

CVE-2026-27446

A flaw was found in Apache Artemis and Apache ActiveMQ Artemis. An unauthenticated remote attacker can exploit a missing authentication for critical function vulnerability by using the Core protocol. This allows the attacker to force a target broker to establish an outbound Core federation connection to an attacker-controlled rogue broker. The primary consequence is the potential for message injection into any queue and/or message exfiltration from any queue via the rogue broker.

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-306 - Missing Authentication for Critical Function

Affected products

Fixed 16 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Vendor Fix fix Workaround

Known not affected 93 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src	—	Workaround

Threats

Impact Important

CVE-2026-27727

A flaw was found in mchange-commons-java, a Java utility library. An attacker can exploit this vulnerability by providing a maliciously crafted `javax.naming.Reference` or serialized object to an application using the library. This can provoke the application to download and execute arbitrary malicious code due to mchange-commons-java's independent implementation of Java Naming and Directory Interface (JNDI) dereferencing, which supports remote code loading. This could lead to arbitrary code execution within the affected application.

8.3 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround

Known not affected 105 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src	—	Workaround

Threats

Impact Important

CVE-2026-27830

A flaw was found in c3p0, a Java Database Connectivity (JDBC) Connection pooling library. This vulnerability allows an attacker to achieve arbitrary code execution by providing maliciously crafted Java-serialized objects or `javax.naming.Reference` instances. By manipulating the `userOverridesAsString` property, an attacker can cause the application to download and execute malicious code from a remote location on its CLASSPATH.

8.0 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix

Known not affected 105 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src		—

Threats

Impact Important

CVE-2026-27904

A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-1333 - Inefficient Regular Expression Complexity

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch		—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src		—	Vendor Fix fix

Known not affected 107 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src		—

Threats

Impact Moderate

CVE-2026-33870

A flaw was found in Netty. A remote attacker could exploit this vulnerability by sending specially crafted HTTP/1.1 chunked transfer encoding extension values. Due to incorrect parsing of quoted strings, this flaw enables request smuggling attacks, potentially allowing an attacker to bypass security controls or access unauthorized information.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 18 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround

Known not affected 91 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src	—	Workaround

Threats

Impact Important

CVE-2026-33871

A flaw was found in Netty. A remote user can trigger a Denial of Service (DoS) against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on these frames, coupled with a bypass of size-based mitigations using zero-byte frames, allows an attacker to consume excessive CPU resources. This can render the server unresponsive with minimal bandwidth usage.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 18 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix

Known not affected 91 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src		—

Threats

Impact Important

References

121 references

URL	Category
https://access.redhat.com/errata/RHSA-2026:18054	self
https://access.redhat.com/security/updates/classi…	external
https://docs.redhat.com/en/documentation/red_hat_…	external
https://docs.redhat.com/en/documentation/red_hat_…	external
https://docs.redhat.com/en/documentation/red_hat_…	external
https://access.redhat.com/articles/7134190	external
https://bugzilla.redhat.com/show_bug.cgi?id=2337621	external
https://bugzilla.redhat.com/show_bug.cgi?id=2441268	external
https://bugzilla.redhat.com/show_bug.cgi?id=2442671	external
https://bugzilla.redhat.com/show_bug.cgi?id=2442908	external
https://bugzilla.redhat.com/show_bug.cgi?id=2442922	external
https://bugzilla.redhat.com/show_bug.cgi?id=2444320	external
https://bugzilla.redhat.com/show_bug.cgi?id=2452453	external
https://bugzilla.redhat.com/show_bug.cgi?id=2452456	external
https://bugzilla.redhat.com/show_bug.cgi?id=2458634	external
https://bugzilla.redhat.com/show_bug.cgi?id=2458635	external
https://bugzilla.redhat.com/show_bug.cgi?id=2458638	external
https://bugzilla.redhat.com/show_bug.cgi?id=2458640	external
https://bugzilla.redhat.com/show_bug.cgi?id=2458641	external
https://issues.redhat.com/browse/JBEAP-29032	external
https://issues.redhat.com/browse/JBEAP-31314	external
https://issues.redhat.com/browse/JBEAP-31468	external
https://issues.redhat.com/browse/JBEAP-31868	external
https://issues.redhat.com/browse/JBEAP-31874	external
https://issues.redhat.com/browse/JBEAP-32025	external
https://issues.redhat.com/browse/JBEAP-32028	external
https://issues.redhat.com/browse/JBEAP-32064	external
https://issues.redhat.com/browse/JBEAP-32074	external
https://issues.redhat.com/browse/JBEAP-32078	external
https://issues.redhat.com/browse/JBEAP-32084	external
https://issues.redhat.com/browse/JBEAP-32123	external
https://issues.redhat.com/browse/JBEAP-32209	external
https://issues.redhat.com/browse/JBEAP-32212	external
https://issues.redhat.com/browse/JBEAP-32266	external
https://issues.redhat.com/browse/JBEAP-32293	external
https://issues.redhat.com/browse/JBEAP-32295	external
https://issues.redhat.com/browse/JBEAP-32339	external
https://issues.redhat.com/browse/JBEAP-32350	external
https://issues.redhat.com/browse/JBEAP-32415	external
https://issues.redhat.com/browse/JBEAP-32481	external
https://issues.redhat.com/browse/JBEAP-32486	external
https://issues.redhat.com/browse/JBEAP-32544	external
https://issues.redhat.com/browse/JBEAP-32601	external
https://issues.redhat.com/browse/JBEAP-32687	external
https://issues.redhat.com/browse/JBEAP-32755	external
https://issues.redhat.com/browse/JBEAP-32773	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2025-14813	self
https://bugzilla.redhat.com/show_bug.cgi?id=2458640	external
https://www.cve.org/CVERecord?id=CVE-2025-14813	external
https://nvd.nist.gov/vuln/detail/CVE-2025-14813	external
https://github.com/bcgit/bc-java/wiki/CVE%E2%80%9…	external
https://access.redhat.com/security/cve/CVE-2025-23368	self
https://bugzilla.redhat.com/show_bug.cgi?id=2337621	external
https://www.cve.org/CVERecord?id=CVE-2025-23368	external
https://nvd.nist.gov/vuln/detail/CVE-2025-23368	external
https://www.gruppotim.it/it/footer/red-team.html	external
https://access.redhat.com/security/cve/CVE-2026-0636	self
https://bugzilla.redhat.com/show_bug.cgi?id=2458641	external
https://www.cve.org/CVERecord?id=CVE-2026-0636	external
https://nvd.nist.gov/vuln/detail/CVE-2026-0636	external
https://github.com/bcgit/bc-java/commit/d20cdb843…	external
https://github.com/bcgit/bc-java/wiki/CVE%E2%80%9…	external
https://access.redhat.com/security/cve/CVE-2026-3505	self
https://bugzilla.redhat.com/show_bug.cgi?id=2458638	external
https://www.cve.org/CVERecord?id=CVE-2026-3505	external
https://nvd.nist.gov/vuln/detail/CVE-2026-3505	external
https://github.com/bcgit/bc-java/wiki/CVE%E2%80%9…	external
https://access.redhat.com/security/cve/CVE-2026-5588	self
https://bugzilla.redhat.com/show_bug.cgi?id=2458634	external
https://www.cve.org/CVERecord?id=CVE-2026-5588	external
https://nvd.nist.gov/vuln/detail/CVE-2026-5588	external
https://github.com/bcgit/bc-java/wiki/CVE%E2%80%9…	external
https://access.redhat.com/security/cve/CVE-2026-5598	self
https://bugzilla.redhat.com/show_bug.cgi?id=2458635	external
https://www.cve.org/CVERecord?id=CVE-2026-5598	external
https://nvd.nist.gov/vuln/detail/CVE-2026-5598	external
https://github.com/bcgit/bc-java/wiki/CVE%E2%80%9…	external
https://access.redhat.com/security/cve/CVE-2026-26996	self
https://bugzilla.redhat.com/show_bug.cgi?id=2441268	external
https://www.cve.org/CVERecord?id=CVE-2026-26996	external
https://nvd.nist.gov/vuln/detail/CVE-2026-26996	external
https://github.com/isaacs/minimatch/commit/2e111f…	external
https://github.com/isaacs/minimatch/security/advi…	external
https://access.redhat.com/security/cve/CVE-2026-27446	self
https://bugzilla.redhat.com/show_bug.cgi?id=2444320	external
https://www.cve.org/CVERecord?id=CVE-2026-27446	external
https://nvd.nist.gov/vuln/detail/CVE-2026-27446	external
https://lists.apache.org/thread/jwpsdc8tdxotm98od…	external
https://access.redhat.com/security/cve/CVE-2026-27727	self
https://bugzilla.redhat.com/show_bug.cgi?id=2442671	external
https://www.cve.org/CVERecord?id=CVE-2026-27727	external
https://nvd.nist.gov/vuln/detail/CVE-2026-27727	external
https://github.com/swaldman/mchange-commons-java/…	external
https://mogwailabs.de/en/blog/2025/02/c3p0-you-li…	external
https://www.mchange.com/projects/c3p0/#configurin…	external
https://www.mchange.com/projects/c3p0/#security-note	external
https://access.redhat.com/security/cve/CVE-2026-27830	self
https://bugzilla.redhat.com/show_bug.cgi?id=2442908	external
https://www.cve.org/CVERecord?id=CVE-2026-27830	external
https://nvd.nist.gov/vuln/detail/CVE-2026-27830	external
https://github.com/swaldman/c3p0/commit/e14cbd816…	external
https://github.com/swaldman/c3p0/security/advisor…	external
https://access.redhat.com/security/cve/CVE-2026-27904	self
https://bugzilla.redhat.com/show_bug.cgi?id=2442922	external
https://www.cve.org/CVERecord?id=CVE-2026-27904	external
https://nvd.nist.gov/vuln/detail/CVE-2026-27904	external
https://github.com/isaacs/minimatch/security/advi…	external
https://access.redhat.com/security/cve/CVE-2026-33870	self
https://bugzilla.redhat.com/show_bug.cgi?id=2452453	external
https://www.cve.org/CVERecord?id=CVE-2026-33870	external
https://nvd.nist.gov/vuln/detail/CVE-2026-33870	external
https://github.com/netty/netty/security/advisorie…	external
https://w4ke.info/2025/06/18/funky-chunks.html	external
https://w4ke.info/2025/10/29/funky-chunks-2.html	external
https://www.rfc-editor.org/rfc/rfc9110	external
https://access.redhat.com/security/cve/CVE-2026-33871	self
https://bugzilla.redhat.com/show_bug.cgi?id=2452456	external
https://www.cve.org/CVERecord?id=CVE-2026-33871	external
https://nvd.nist.gov/vuln/detail/CVE-2026-33871	external
https://github.com/netty/netty/security/advisorie…	external

Acknowledgments

TIM S.p.A Claudia Bartolini Marco Ventura Massimiliano Brolli

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 8.1 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.1.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.1.5, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 8.1.6 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* bcprov-jdk18on: GOSTCTR implementation unable to process more than 255 blocks correctly (CVE-2025-14813)\n\n*bouncycastle: BC-JAVA: GOSTCTR implementation unable to process more than 255 blocks correctly (CVE-2025-14813)\n\n* bouncycastle: BC-JAVA: unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion (CVE-2026-3505)\n\n* bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid (CVE-2026-5588)\n\n* bcprov-ext-jdk15on: LDAP injection vulnerability in LDAPStoreHelper.java (CVE-2026-0636)\n\n* bcprov-jdk12: private key leakage via non-constant time comparisons (CVE-2026-5598)\n\n* netty-codec-http: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood (CVE-2026-33871)\n\n* netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values (CVE-2026-33870)\n\n* artemis-server: Apache Artemis, Apache ActiveMQ Artemis: Message injection and exfiltration due to missing authentication (CVE-2026-27446)\n\n* org.hibernate.orm/hibernate-c3p0: c3p0: Arbitrary Code Execution via deserialization of crafted objects [(CVE-2026-27830)\n\n* org.keycloak-keycloak-parent: Minimatch: Denial of Service via catastrophic backtracking in glob expressions (CVE-2026-27904)\n\n* mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects (CVE-2026-27727)\n\n* io.hawt-project: minimatch: Denial of Service via specially crafted glob patterns (CVE-2026-26996)\n\n* wildfly-elytron-integration: Wildfly Elytron Brute Force Attack via CLI  (CVE-2025-23368)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:18054",
        "url": "https://access.redhat.com/errata/RHSA-2026:18054"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.1",
        "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.1"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.1/html/release_notes_for_red_hat_jboss_enterprise_application_platform_8.1/index",
        "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.1/html/release_notes_for_red_hat_jboss_enterprise_application_platform_8.1/index"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.1/html/red_hat_jboss_enterprise_application_platform_installation_methods/index",
        "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.1/html/red_hat_jboss_enterprise_application_platform_installation_methods/index"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/articles/7134190",
        "url": "https://access.redhat.com/articles/7134190"
      },
      {
        "category": "external",
        "summary": "2337621",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337621"
      },
      {
        "category": "external",
        "summary": "2441268",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268"
      },
      {
        "category": "external",
        "summary": "2442671",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442671"
      },
      {
        "category": "external",
        "summary": "2442908",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442908"
      },
      {
        "category": "external",
        "summary": "2442922",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442922"
      },
      {
        "category": "external",
        "summary": "2444320",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444320"
      },
      {
        "category": "external",
        "summary": "2452453",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452453"
      },
      {
        "category": "external",
        "summary": "2452456",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452456"
      },
      {
        "category": "external",
        "summary": "2458634",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458634"
      },
      {
        "category": "external",
        "summary": "2458635",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458635"
      },
      {
        "category": "external",
        "summary": "2458638",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458638"
      },
      {
        "category": "external",
        "summary": "2458640",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458640"
      },
      {
        "category": "external",
        "summary": "2458641",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458641"
      },
      {
        "category": "external",
        "summary": "JBEAP-29032",
        "url": "https://issues.redhat.com/browse/JBEAP-29032"
      },
      {
        "category": "external",
        "summary": "JBEAP-31314",
        "url": "https://issues.redhat.com/browse/JBEAP-31314"
      },
      {
        "category": "external",
        "summary": "JBEAP-31468",
        "url": "https://issues.redhat.com/browse/JBEAP-31468"
      },
      {
        "category": "external",
        "summary": "JBEAP-31868",
        "url": "https://issues.redhat.com/browse/JBEAP-31868"
      },
      {
        "category": "external",
        "summary": "JBEAP-31874",
        "url": "https://issues.redhat.com/browse/JBEAP-31874"
      },
      {
        "category": "external",
        "summary": "JBEAP-32025",
        "url": "https://issues.redhat.com/browse/JBEAP-32025"
      },
      {
        "category": "external",
        "summary": "JBEAP-32028",
        "url": "https://issues.redhat.com/browse/JBEAP-32028"
      },
      {
        "category": "external",
        "summary": "JBEAP-32064",
        "url": "https://issues.redhat.com/browse/JBEAP-32064"
      },
      {
        "category": "external",
        "summary": "JBEAP-32074",
        "url": "https://issues.redhat.com/browse/JBEAP-32074"
      },
      {
        "category": "external",
        "summary": "JBEAP-32078",
        "url": "https://issues.redhat.com/browse/JBEAP-32078"
      },
      {
        "category": "external",
        "summary": "JBEAP-32084",
        "url": "https://issues.redhat.com/browse/JBEAP-32084"
      },
      {
        "category": "external",
        "summary": "JBEAP-32123",
        "url": "https://issues.redhat.com/browse/JBEAP-32123"
      },
      {
        "category": "external",
        "summary": "JBEAP-32209",
        "url": "https://issues.redhat.com/browse/JBEAP-32209"
      },
      {
        "category": "external",
        "summary": "JBEAP-32212",
        "url": "https://issues.redhat.com/browse/JBEAP-32212"
      },
      {
        "category": "external",
        "summary": "JBEAP-32266",
        "url": "https://issues.redhat.com/browse/JBEAP-32266"
      },
      {
        "category": "external",
        "summary": "JBEAP-32293",
        "url": "https://issues.redhat.com/browse/JBEAP-32293"
      },
      {
        "category": "external",
        "summary": "JBEAP-32295",
        "url": "https://issues.redhat.com/browse/JBEAP-32295"
      },
      {
        "category": "external",
        "summary": "JBEAP-32339",
        "url": "https://issues.redhat.com/browse/JBEAP-32339"
      },
      {
        "category": "external",
        "summary": "JBEAP-32350",
        "url": "https://issues.redhat.com/browse/JBEAP-32350"
      },
      {
        "category": "external",
        "summary": "JBEAP-32415",
        "url": "https://issues.redhat.com/browse/JBEAP-32415"
      },
      {
        "category": "external",
        "summary": "JBEAP-32481",
        "url": "https://issues.redhat.com/browse/JBEAP-32481"
      },
      {
        "category": "external",
        "summary": "JBEAP-32486",
        "url": "https://issues.redhat.com/browse/JBEAP-32486"
      },
      {
        "category": "external",
        "summary": "JBEAP-32544",
        "url": "https://issues.redhat.com/browse/JBEAP-32544"
      },
      {
        "category": "external",
        "summary": "JBEAP-32601",
        "url": "https://issues.redhat.com/browse/JBEAP-32601"
      },
      {
        "category": "external",
        "summary": "JBEAP-32687",
        "url": "https://issues.redhat.com/browse/JBEAP-32687"
      },
      {
        "category": "external",
        "summary": "JBEAP-32755",
        "url": "https://issues.redhat.com/browse/JBEAP-32755"
      },
      {
        "category": "external",
        "summary": "JBEAP-32773",
        "url": "https://issues.redhat.com/browse/JBEAP-32773"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_18054.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.1.6 security update",
    "tracking": {
      "current_release_date": "2026-05-26T08:48:49+00:00",
      "generator": {
        "date": "2026-05-26T08:48:49+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2026:18054",
      "initial_release_date": "2026-05-18T12:24:24+00:00",
      "revision_history": [
        {
          "date": "2026-05-18T12:24:24+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-05-18T12:24:24+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-26T08:48:49+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss EAP 8.1 for RHEL 8",
                "product": {
                  "name": "Red Hat JBoss EAP 8.1 for RHEL 8",
                  "product_id": "8Base-JBEAP-8.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Enterprise Application Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
                "product": {
                  "name": "eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
                  "product_id": "eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly-openssl-el8-x86_64@2.3.0-1.Final.redhat.00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
                  "product_id": "eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-hal-console@3.7.19-1.Final_redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
                  "product_id": "eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-eap-product-conf-parent@801.6.0-1.GA_redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
                  "product_id": "eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-bouncycastle@1.84.0-1.redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
                  "product_id": "eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-jctools@4.0.6-1.redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
                "product": {
                  "name": "eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
                  "product_id": "eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis@2.40.0-6.redhat_00012.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
                  "product_id": "eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-hibernate@6.6.48-1.Final_redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
                  "product_id": "eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-guava-failureaccess@1.0.3-1.redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
                "product": {
                  "name": "eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
                  "product_id": "eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-guava-libraries@33.0.0-3.jre_redhat_00004.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
                  "product_id": "eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-jboss-logging@3.6.2-1.Final_redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
                  "product_id": "eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly-http-client@2.1.4-1.Final_redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
                  "product_id": "eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-angus@2.0.5-1.redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
                  "product_id": "eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly-openssl@2.3.0-1.Final_redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
                  "product_id": "eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-reactivex-rxjava@3.1.12-1.redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
                "product": {
                  "name": "eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
                  "product_id": "eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly-javadocs@8.1.1-10.GA_redhat_00017.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
                  "product_id": "eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-hibernate-search@7.2.6-1.Final_redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
                  "product_id": "eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-transport-native-epoll@4.1.132-1.Final_redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
                  "product_id": "eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-jakarta-activation@2.1.4-1.redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
                  "product_id": "eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty@4.1.132-1.Final_redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
                  "product_id": "eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-jboss-metadata@16.1.0-1.Final_redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
                "product": {
                  "name": "eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
                  "product_id": "eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly-client-config@1.0.1-4.Final_redhat_00002.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
                  "product_id": "eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-angus-activation@2.0.3-1.redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src",
                "product": {
                  "name": "eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src",
                  "product_id": "eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-yasson@3.0.4-5.redhat_00007.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
                  "product_id": "eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-plexus-utils@3.6.1-1.redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
                "product": {
                  "name": "eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
                  "product_id": "eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly@8.1.6-5.GA_redhat_00007.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
                "product": {
                  "name": "eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
                  "product_id": "eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-reactivex-rxjava2@2.2.21-5.redhat_00003.1.el8eap?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
                "product": {
                  "name": "eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
                  "product_id": "eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly-openssl-el8-x86_64@2.3.0-1.Final.redhat.00001.1.el8eap?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
                "product": {
                  "name": "eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
                  "product_id": "eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly-openssl-el8-x86_64-debuginfo@2.3.0-1.Final.redhat.00001.1.el8eap?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
                "product": {
                  "name": "eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
                  "product_id": "eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-transport-native-epoll@4.1.132-1.Final_redhat_00001.1.el8eap?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
                "product": {
                  "name": "eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
                  "product_id": "eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-transport-native-epoll-debuginfo@4.1.132-1.Final_redhat_00001.1.el8eap?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-hal-console@3.7.19-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-eap-product-conf-parent@801.6.0-1.GA_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-eap-product-conf-wildfly-ee-feature-pack@801.6.0-1.GA_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-bouncycastle@1.84.0-1.redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-bouncycastle-jmail@1.84.0-1.redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-bouncycastle-pg@1.84.0-1.redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-bouncycastle-pkix@1.84.0-1.redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-bouncycastle-prov@1.84.0-1.redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-bouncycastle-util@1.84.0-1.redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-jctools@4.0.6-1.redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-jctools-core@4.0.6-1.redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
                "product": {
                  "name": "eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
                  "product_id": "eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis@2.40.0-6.redhat_00012.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
                "product": {
                  "name": "eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
                  "product_id": "eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis-cli@2.40.0-6.redhat_00012.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
                "product": {
                  "name": "eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
                  "product_id": "eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis-commons@2.40.0-6.redhat_00012.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
                "product": {
                  "name": "eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
                  "product_id": "eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis-core-client@2.40.0-6.redhat_00012.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
                "product": {
                  "name": "eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
                  "product_id": "eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis-dto@2.40.0-6.redhat_00012.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
                "product": {
                  "name": "eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
                  "product_id": "eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis-hornetq-protocol@2.40.0-6.redhat_00012.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
                "product": {
                  "name": "eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
                  "product_id": "eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis-hqclient-protocol@2.40.0-6.redhat_00012.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
                "product": {
                  "name": "eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
                  "product_id": "eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis-jakarta-client@2.40.0-6.redhat_00012.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
                "product": {
                  "name": "eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
                  "product_id": "eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis-jakarta-ra@2.40.0-6.redhat_00012.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
                "product": {
                  "name": "eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
                  "product_id": "eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis-jakarta-server@2.40.0-6.redhat_00012.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
                "product": {
                  "name": "eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
                  "product_id": "eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis-jakarta-service-extensions@2.40.0-6.redhat_00012.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
                "product": {
                  "name": "eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
                  "product_id": "eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis-jdbc-store@2.40.0-6.redhat_00012.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
                "product": {
                  "name": "eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
                  "product_id": "eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis-journal@2.40.0-6.redhat_00012.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
                "product": {
                  "name": "eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
                  "product_id": "eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis-selector@2.40.0-6.redhat_00012.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
                "product": {
                  "name": "eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
                  "product_id": "eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-activemq-artemis-server@2.40.0-6.redhat_00012.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-hibernate@6.6.48-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-hibernate-core@6.6.48-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-hibernate-envers@6.6.48-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-guava-failureaccess@1.0.3-1.redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
                "product": {
                  "name": "eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
                  "product_id": "eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-guava@33.0.0-3.jre_redhat_00004.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
                "product": {
                  "name": "eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
                  "product_id": "eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-guava-libraries@33.0.0-3.jre_redhat_00004.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-jboss-logging@3.6.2-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly-http-client-common@2.1.4-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly-http-ejb-client@2.1.4-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly-http-naming-client@2.1.4-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly-http-transaction-client@2.1.4-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-angus-mail@2.0.5-1.redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly-openssl@2.3.0-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly-openssl-java@2.3.0-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-reactivex-rxjava@3.1.12-1.redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
                "product": {
                  "name": "eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
                  "product_id": "eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly-javadocs@8.1.1-10.GA_redhat_00017.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-hibernate-search@7.2.6-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-hibernate-search-backend-elasticsearch@7.2.6-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-hibernate-search-backend-lucene@7.2.6-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-hibernate-search-engine@7.2.6-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-hibernate-search-mapper-orm@7.2.6-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-hibernate-search-mapper-pojo-base@7.2.6-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-hibernate-search-util-common@7.2.6-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-jakarta-activation@2.1.4-1.redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty@4.1.132-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-buffer@4.1.132-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-codec@4.1.132-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-codec-dns@4.1.132-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-codec-http@4.1.132-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-codec-socks@4.1.132-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-common@4.1.132-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-handler@4.1.132-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-handler-proxy@4.1.132-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-resolver@4.1.132-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-resolver-dns@4.1.132-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-transport@4.1.132-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-transport-classes-epoll@4.1.132-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-netty-transport-native-unix-common@4.1.132-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-jboss-metadata@16.1.0-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-jboss-metadata-appclient@16.1.0-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-jboss-metadata-common@16.1.0-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-jboss-metadata-ear@16.1.0-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-jboss-metadata-ejb@16.1.0-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-jboss-metadata-web@16.1.0-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
                "product": {
                  "name": "eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
                  "product_id": "eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly-client-config@1.0.1-4.Final_redhat_00002.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-angus-activation@2.0.3-1.redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
                "product": {
                  "name": "eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
                  "product_id": "eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-yasson@3.0.4-5.redhat_00007.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
                  "product_id": "eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-plexus-utils@3.6.1-1.redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
                "product": {
                  "name": "eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
                  "product_id": "eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly@8.1.6-5.GA_redhat_00007.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
                "product": {
                  "name": "eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
                  "product_id": "eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly-java-jdk17@8.1.6-5.GA_redhat_00007.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
                "product": {
                  "name": "eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
                  "product_id": "eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly-java-jdk21@8.1.6-5.GA_redhat_00007.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
                "product": {
                  "name": "eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
                  "product_id": "eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-wildfly-modules@8.1.6-5.GA_redhat_00007.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
                "product": {
                  "name": "eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
                  "product_id": "eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap8-reactivex-rxjava2@2.2.21-5.redhat_00003.1.el8eap?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch"
        },
        "product_reference": "eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src"
        },
        "product_reference": "eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch"
        },
        "product_reference": "eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch"
        },
        "product_reference": "eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch"
        },
        "product_reference": "eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch"
        },
        "product_reference": "eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch"
        },
        "product_reference": "eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch"
        },
        "product_reference": "eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch"
        },
        "product_reference": "eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch"
        },
        "product_reference": "eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch"
        },
        "product_reference": "eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch"
        },
        "product_reference": "eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch"
        },
        "product_reference": "eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch"
        },
        "product_reference": "eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch"
        },
        "product_reference": "eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch"
        },
        "product_reference": "eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch"
        },
        "product_reference": "eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch"
        },
        "product_reference": "eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src"
        },
        "product_reference": "eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64"
        },
        "product_reference": "eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64"
        },
        "product_reference": "eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch"
        },
        "product_reference": "eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src"
        },
        "product_reference": "eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch"
        },
        "product_reference": "eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src"
        },
        "product_reference": "eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch"
        },
        "product_reference": "eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src"
        },
        "product_reference": "eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch"
        },
        "product_reference": "eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch"
        },
        "product_reference": "eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch"
        },
        "product_reference": "eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src"
        },
        "product_reference": "eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch"
        },
        "product_reference": "eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src"
        },
        "product_reference": "eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64"
        },
        "product_reference": "eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64"
        },
        "product_reference": "eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch"
        },
        "product_reference": "eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
          "product_id": "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
        },
        "product_reference": "eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-8.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-14813",
      "cwe": {
        "id": "CWE-327",
        "name": "Use of a Broken or Risky Cryptographic Algorithm"
      },
      "discovery_date": "2026-04-15T10:01:27.769752+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2458640"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The `GOSTCTR` implementation is unable to securely process more than 255 blocks of data due to keystream reuse. This issue allows an attacker to break the fundamental confidentiality of any data protected by the `G3413CTRBlockCipher`, potentially leading to the recovery and access of encrypted data.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "bouncycastle: BC-JAVA: GOSTCTR implementation unable to process more than 255 blocks correctly",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this flaw, an attacker needs to capture ciphertext encrypted by the `GOSTCTR` implementation where the `G3413CTRBlockCipher` processed more than 255 blocks of data, resulting in keystream reuse. An attack typically requires capturing these overlapping ciphertexts to perform cryptanalysis and uncover the underlying data.\nThe primary impact of this vulnerability is the potential loss of confidentiality for data encrypted by the `GOSTCTR` implementation. This can compromise encrypted communications or sensitive stored data by allowing an attacker to fully recover the plaintext.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch"
        ],
        "known_not_affected": [
          "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-14813"
        },
        {
          "category": "external",
          "summary": "RHBZ#2458640",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458640"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-14813",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-14813"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-14813",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14813"
        },
        {
          "category": "external",
          "summary": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%9014813",
          "url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%9014813"
        }
      ],
      "release_date": "2026-04-15T08:56:34.057000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-18T12:24:24+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:18054"
        },
        {
          "category": "workaround",
          "details": "To mitigate this vulnerability, strictly limit the payload encrypted under a single key and Initialization Vector (IV) pair using the GOSTCTR implementation and G3413CTRBlockCipher to a maximum of 255 blocks. Alternatively, transition to a more secure, standardized and authenticated encryption mode.",
          "product_ids": [
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "bouncycastle: BC-JAVA: GOSTCTR implementation unable to process more than 255 blocks correctly"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Claudia Bartolini",
            "Marco Ventura",
            "Massimiliano Brolli"
          ],
          "organization": "TIM S.p.A"
        }
      ],
      "cve": "CVE-2025-23368",
      "cwe": {
        "id": "CWE-307",
        "name": "Improper Restriction of Excessive Authentication Attempts"
      },
      "discovery_date": "2025-01-14T14:56:46.792000+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2337621"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.wildfly.core:wildfly-elytron-integration: Wildfly Elytron Brute Force Attack via CLI",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "According to WildFly Elytron, this affects all versions of JBoss EAP from version 7.1.\nRed Hat build of Keycloak does not ship wildfly-elytron.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch"
        ],
        "known_not_affected": [
          "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-23368"
        },
        {
          "category": "external",
          "summary": "RHBZ#2337621",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337621"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-23368",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-23368"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23368",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23368"
        },
        {
          "category": "external",
          "summary": "https://www.gruppotim.it/it/footer/red-team.html",
          "url": "https://www.gruppotim.it/it/footer/red-team.html"
        }
      ],
      "release_date": "2025-03-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-18T12:24:24+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:18054"
        },
        {
          "category": "workaround",
          "details": "The effectiveness of an attack will also be dependent on the complexity of the usernames and passwords defined for the target installation.",
          "product_ids": [
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "org.wildfly.core:wildfly-elytron-integration: Wildfly Elytron Brute Force Attack via CLI"
    },
    {
      "cve": "CVE-2026-0636",
      "cwe": {
        "id": "CWE-90",
        "name": "Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)"
      },
      "discovery_date": "2026-04-15T10:01:32.911938+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2458641"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The `LDAPStoreHelper` implementation fails to properly neutralize special elements in user-supplied input before incorporating them into LDAP queries. This allows a remote attacker to execute an LDAP injection attack by supplying crafted input, potentially leading to disclosure of sensitive information or the manipulation of directory search queries.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "bouncycastle: BC-JAVA: LDAP injection vulnerability in LDAPStoreHelper.java",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this issue, an attacker needs to submit crafted input to an application using the `LDAPStoreHelper` implementation for directory queries. An attack typically requires the application to pass the malicious input directly into a search filter, allowing the attacker to modify the resulting LDAP query.\nThe primary impact of this vulnerability is the loss of confidentiality and integrity for directory data. This can allow an attacker to bypass search restrictions and manipulate directory results, potentially leading to unauthorized access or privilege escalation.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch"
        ],
        "known_not_affected": [
          "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-0636"
        },
        {
          "category": "external",
          "summary": "RHBZ#2458641",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458641"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-0636",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0636"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-0636",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0636"
        },
        {
          "category": "external",
          "summary": "https://github.com/bcgit/bc-java/commit/d20cdb8430e09224114fec0179a71859929fcbde",
          "url": "https://github.com/bcgit/bc-java/commit/d20cdb8430e09224114fec0179a71859929fcbde"
        },
        {
          "category": "external",
          "summary": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%900636",
          "url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%900636"
        }
      ],
      "release_date": "2026-04-15T08:59:12.677000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-18T12:24:24+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:18054"
        },
        {
          "category": "workaround",
          "details": "To mitigate this flaw, sanitize all user-supplied input to remove or escape LDAP special characters before passing it to the LDAPStoreHelper for directory queries. If the input contains unexpected metacharacters such as asterisks, parentheses or backslashes, reject the request or escape the characters.",
          "product_ids": [
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "bouncycastle: BC-JAVA: LDAP injection vulnerability in LDAPStoreHelper.java"
    },
    {
      "cve": "CVE-2026-3505",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2026-04-15T10:01:17.415497+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2458638"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpg. A specially crafted PGP AEAD (Authenticated Encryption with Associated Data) message with an unbounded chunk size can lead to an excessive consumption of memory. This issue allows an unauthenticated remote attacker to cause memory exhaustion in a JVM, resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "bouncycastle: BC-JAVA: unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this issue, an attacker needs to submit a specially crafted PGP AEAD message containing an unbounded chunk size to an application. An attack typically requires the application to process this malformed data, resulting in the uncontrolled allocation of memory resources.\nThe primary impact of this vulnerability is a compromise of system availability, allowing an unauthenticated remote attacker to cause memory exhaustion in a JVM, resulting in a denial of service.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch"
        ],
        "known_not_affected": [
          "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-3505"
        },
        {
          "category": "external",
          "summary": "RHBZ#2458638",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458638"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-3505",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3505"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-3505",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3505"
        },
        {
          "category": "external",
          "summary": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%903505",
          "url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%903505"
        }
      ],
      "release_date": "2026-04-15T09:06:37.939000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-18T12:24:24+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:18054"
        },
        {
          "category": "workaround",
          "details": "To mitigate this vulnerability, enforce payload size limits on all incoming PGP messages before processing them. Additionally, apply memory quotas to the JVM or container environment to prevent a complete system outage in the event of memory exhaustion.",
          "product_ids": [
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "bouncycastle: BC-JAVA: unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion"
    },
    {
      "cve": "CVE-2026-5588",
      "cwe": {
        "id": "CWE-347",
        "name": "Improper Verification of Cryptographic Signature"
      },
      "discovery_date": "2026-04-15T10:00:59.672015+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2458634"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix. The PKIX draft `CompositeVerifier` implementation improperly accepts an empty signature sequence as a valid cryptographic signature. This issue allows a remote attacker to bypass signature verification mechanisms, potentially compromising the authenticity and integrity of data.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this issue, an attacker needs to submit a crafted payload or token containing an empty signature sequence to an application using the `CompositeVerifier` for cryptographic validation. An attack typically requires the application to process this malformed data and improperly accept the empty sequence as a valid signature, bypassing standard verification checks.\nThe primary impact of this vulnerability is the compromise of data authenticity and integrity, allowing an attacker to forge digital signatures and impersonate trusted entities.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch"
        ],
        "known_not_affected": [
          "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-5588"
        },
        {
          "category": "external",
          "summary": "RHBZ#2458634",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458634"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-5588",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-5588"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-5588",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5588"
        },
        {
          "category": "external",
          "summary": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%905588",
          "url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%905588"
        }
      ],
      "release_date": "2026-04-15T09:06:15.617000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-18T12:24:24+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:18054"
        },
        {
          "category": "workaround",
          "details": "To mitigate this flaw, check that the signature sequence is not empty before passing any data to the CompositeVerifier for cryptographic validation. If the sequence is empty or null, explicitly reject the payload before it is processed.",
          "product_ids": [
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid"
    },
    {
      "cve": "CVE-2026-5598",
      "cwe": {
        "id": "CWE-385",
        "name": "Covert Timing Channel"
      },
      "discovery_date": "2026-04-15T10:01:04.531185+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2458635"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA core. A covert timing channel vulnerability, caused by non-constant time comparisons, risks the leakage of private keys in the FrodoKEM implementation. An unauthenticated, remote attacker can potentially exploit this timing discrepancy to gain unauthorized access to sensitive cryptographic information.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "bouncycastle: BC-JAVA: private key leakage via non-constant time comparisons",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this issue, an unauthenticated attacker needs to send highly specific, malformed ciphertexts to the target server. These payloads are used to interact with the private key of the server in a way that the vulnerable, non-constant time code paths are triggered during the verification step. An attack typically requires sending a large volume of these requests to perform statistical analysis on the resulting timing variations, increasing its complexity.\nThe primary security impact of this vulnerability is the potential leakage of private keys associated with the FrodoKEM implementation. This can compromise encrypted communications or authentication mechanisms.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch"
        ],
        "known_not_affected": [
          "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-5598"
        },
        {
          "category": "external",
          "summary": "RHBZ#2458635",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458635"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-5598",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-5598"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-5598",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5598"
        },
        {
          "category": "external",
          "summary": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%905998",
          "url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%905998"
        }
      ],
      "release_date": "2026-04-15T09:05:56.277000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-18T12:24:24+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:18054"
        },
        {
          "category": "workaround",
          "details": "To mitigate this vulnerability, implement aggressive rate limiting and anomaly detection, specifically looking for unusual, high-frequency cryptographic handshake failures or anomalous traffic patterns targeting endpoints that handle key exchanges in the network logs.",
          "product_ids": [
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "bouncycastle: BC-JAVA: private key leakage via non-constant time comparisons"
    },
    {
      "cve": "CVE-2026-26996",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "discovery_date": "2026-02-20T04:01:11.896063+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2441268"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "minimatch: minimatch: Denial of Service via specially crafted glob patterns",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch"
        ],
        "known_not_affected": [
          "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-26996"
        },
        {
          "category": "external",
          "summary": "RHBZ#2441268",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-26996",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996"
        },
        {
          "category": "external",
          "summary": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5",
          "url": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5"
        },
        {
          "category": "external",
          "summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26",
          "url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26"
        }
      ],
      "release_date": "2026-02-20T03:05:21.105000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-18T12:24:24+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:18054"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns"
    },
    {
      "cve": "CVE-2026-27446",
      "cwe": {
        "id": "CWE-306",
        "name": "Missing Authentication for Critical Function"
      },
      "discovery_date": "2026-03-04T07:02:26.064000+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2444320"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache Artemis and Apache ActiveMQ Artemis. An unauthenticated remote attacker can exploit a missing authentication for critical function vulnerability by using the Core protocol. This allows the attacker to force a target broker to establish an outbound Core federation connection to an attacker-controlled rogue broker. The primary consequence is the potential for message injection into any queue and/or message exfiltration from any queue via the rogue broker.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.apache.artemis:artemis-server: org.apache.activemq:artemis-server: Apache Artemis, Apache ActiveMQ Artemis: Message injection and exfiltration due to missing authentication",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This IMPORTANT vulnerability in Apache Artemis and Apache ActiveMQ Artemis allows an unauthenticated remote attacker to inject or exfiltrate messages by forcing a target broker to establish an outbound Core federation connection to an attacker-controlled rogue broker.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch"
        ],
        "known_not_affected": [
          "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-27446"
        },
        {
          "category": "external",
          "summary": "RHBZ#2444320",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444320"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-27446",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27446"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27446",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27446"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/jwpsdc8tdxotm98od8n8n30fqlzoc8gg",
          "url": "https://lists.apache.org/thread/jwpsdc8tdxotm98od8n8n30fqlzoc8gg"
        }
      ],
      "release_date": "2026-03-04T06:06:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-18T12:24:24+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:18054"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, restrict Core protocol support on acceptors receiving connections from untrusted sources. The default \"artemis\" acceptor on port 61616 supports all protocols, including Core. Modify the acceptor URL to explicitly exclude the Core protocol using the \"protocols\" URL parameter. Alternatively, configure two-way SSL with certificate-based authentication to prevent unauthenticated exploitation. A service restart or reload may be required for changes to take effect.",
          "product_ids": [
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "org.apache.artemis:artemis-server: org.apache.activemq:artemis-server: Apache Artemis, Apache ActiveMQ Artemis: Message injection and exfiltration due to missing authentication"
    },
    {
      "cve": "CVE-2026-27727",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2026-02-25T17:04:31.254239+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2442671"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in mchange-commons-java, a Java utility library. An attacker can exploit this vulnerability by providing a maliciously crafted `javax.naming.Reference` or serialized object to an application using the library. This can provoke the application to download and execute arbitrary malicious code due to mchange-commons-java\u0027s independent implementation of Java Naming and Directory Interface (JNDI) dereferencing, which supports remote code loading. This could lead to arbitrary code execution within the affected application.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch"
        ],
        "known_not_affected": [
          "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-27727"
        },
        {
          "category": "external",
          "summary": "RHBZ#2442671",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442671"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-27727",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27727"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27727",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27727"
        },
        {
          "category": "external",
          "summary": "https://github.com/swaldman/mchange-commons-java/security/advisories/GHSA-m2cm-222f-qw44",
          "url": "https://github.com/swaldman/mchange-commons-java/security/advisories/GHSA-m2cm-222f-qw44"
        },
        {
          "category": "external",
          "summary": "https://mogwailabs.de/en/blog/2025/02/c3p0-you-little-rascal",
          "url": "https://mogwailabs.de/en/blog/2025/02/c3p0-you-little-rascal"
        },
        {
          "category": "external",
          "summary": "https://www.mchange.com/projects/c3p0/#configuring_security",
          "url": "https://www.mchange.com/projects/c3p0/#configuring_security"
        },
        {
          "category": "external",
          "summary": "https://www.mchange.com/projects/c3p0/#security-note",
          "url": "https://www.mchange.com/projects/c3p0/#security-note"
        }
      ],
      "release_date": "2026-02-25T16:01:04.187000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-18T12:24:24+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:18054"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects"
    },
    {
      "cve": "CVE-2026-27830",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2026-02-26T01:01:56.834884+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2442908"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in c3p0, a Java Database Connectivity (JDBC) Connection pooling library. This vulnerability allows an attacker to achieve arbitrary code execution by providing maliciously crafted Java-serialized objects or `javax.naming.Reference` instances. By manipulating the `userOverridesAsString` property, an attacker can cause the application to download and execute malicious code from a remote location on its CLASSPATH.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "c3p0: c3p0: Arbitrary Code Execution via deserialization of crafted objects",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch"
        ],
        "known_not_affected": [
          "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-27830"
        },
        {
          "category": "external",
          "summary": "RHBZ#2442908",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442908"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-27830",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27830"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27830",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27830"
        },
        {
          "category": "external",
          "summary": "https://github.com/swaldman/c3p0/commit/e14cbd8166e423e2e9a9d6f08b2add3433492d6e",
          "url": "https://github.com/swaldman/c3p0/commit/e14cbd8166e423e2e9a9d6f08b2add3433492d6e"
        },
        {
          "category": "external",
          "summary": "https://github.com/swaldman/c3p0/security/advisories/GHSA-5476-xc4j-rqcv",
          "url": "https://github.com/swaldman/c3p0/security/advisories/GHSA-5476-xc4j-rqcv"
        },
        {
          "category": "external",
          "summary": "https://mogwailabs.de/en/blog/2025/02/c3p0-you-little-rascal",
          "url": "https://mogwailabs.de/en/blog/2025/02/c3p0-you-little-rascal"
        },
        {
          "category": "external",
          "summary": "https://www.mchange.com/projects/c3p0/#configuring_security",
          "url": "https://www.mchange.com/projects/c3p0/#configuring_security"
        },
        {
          "category": "external",
          "summary": "https://www.mchange.com/projects/c3p0/#security-note",
          "url": "https://www.mchange.com/projects/c3p0/#security-note"
        }
      ],
      "release_date": "2026-02-26T00:45:18.222000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-18T12:24:24+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:18054"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "c3p0: c3p0: Arbitrary Code Execution via deserialization of crafted objects"
    },
    {
      "cve": "CVE-2026-27904",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "discovery_date": "2026-02-26T02:01:23.004531+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2442922"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src"
        ],
        "known_not_affected": [
          "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-27904"
        },
        {
          "category": "external",
          "summary": "RHBZ#2442922",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442922"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-27904",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904"
        },
        {
          "category": "external",
          "summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74",
          "url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74"
        }
      ],
      "release_date": "2026-02-26T01:07:42.693000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-18T12:24:24+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:18054"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions"
    },
    {
      "cve": "CVE-2026-33870",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2026-03-27T21:01:59.865839+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2452453"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Netty. A remote attacker could exploit this vulnerability by sending specially crafted HTTP/1.1 chunked transfer encoding extension values. Due to incorrect parsing of quoted strings, this flaw enables request smuggling attacks, potentially allowing an attacker to bypass security controls or access unauthorized information.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch"
        ],
        "known_not_affected": [
          "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-33870"
        },
        {
          "category": "external",
          "summary": "RHBZ#2452453",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452453"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-33870",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33870"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33870",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33870"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/security/advisories/GHSA-pwqr-wmgm-9rr8",
          "url": "https://github.com/netty/netty/security/advisories/GHSA-pwqr-wmgm-9rr8"
        },
        {
          "category": "external",
          "summary": "https://w4ke.info/2025/06/18/funky-chunks.html",
          "url": "https://w4ke.info/2025/06/18/funky-chunks.html"
        },
        {
          "category": "external",
          "summary": "https://w4ke.info/2025/10/29/funky-chunks-2.html",
          "url": "https://w4ke.info/2025/10/29/funky-chunks-2.html"
        },
        {
          "category": "external",
          "summary": "https://www.rfc-editor.org/rfc/rfc9110",
          "url": "https://www.rfc-editor.org/rfc/rfc9110"
        }
      ],
      "release_date": "2026-03-27T19:54:15.586000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-18T12:24:24+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:18054"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values"
    },
    {
      "cve": "CVE-2026-33871",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2026-03-27T21:02:13.396015+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2452456"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Netty. A remote user can trigger a Denial of Service (DoS) against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server\u0027s lack of a limit on these frames, coupled with a bypass of size-based mitigations using zero-byte frames, allows an attacker to consume excessive CPU resources. This can render the server unresponsive with minimal bandwidth usage.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This important vulnerability in Netty HTTP/2 servers allows a remote attacker to cause a Denial of Service by sending a flood of CONTINUATION frames. This can lead to excessive CPU consumption and render the server unresponsive. Red Hat products utilizing affected Netty versions, such as Red Hat AMQ, Enterprise Application Platform, and OpenShift Container Platform components, are impacted if configured to use HTTP/2.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch"
        ],
        "known_not_affected": [
          "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
          "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
          "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-33871"
        },
        {
          "category": "external",
          "summary": "RHBZ#2452456",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452456"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-33871",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33871"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33871",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33871"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/security/advisories/GHSA-w9fj-cfpg-grvv",
          "url": "https://github.com/netty/netty/security/advisories/GHSA-w9fj-cfpg-grvv"
        }
      ],
      "release_date": "2026-03-27T19:55:23.135000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-18T12:24:24+00:00",
          "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:18054"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-6.redhat_00012.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-6.redhat_00012.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-0:2.0.5-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-angus-mail-0:2.0.5-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-0:1.84.0-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-bouncycastle-jmail-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pg-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-pkix-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-prov-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-bouncycastle-util-0:1.84.0-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.6.0-1.GA_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.6.0-1.GA_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-failureaccess-0:1.0.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-guava-libraries-0:33.0.0-3.jre_redhat_00004.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.19-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.48-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.48-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.6-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.6-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.4-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-logging-0:3.6.2-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-0:16.1.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-appclient-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-common-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ear-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-ejb-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jboss-metadata-web-0:16.1.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-jctools-0:4.0.6-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.6-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-buffer-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-http-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-codec-socks-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-handler-proxy-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-resolver-dns-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-classes-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-epoll-debuginfo-0:4.1.132-1.Final_redhat_00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-netty-transport-native-unix-common-0:4.1.132-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-plexus-utils-0:3.6.1-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava-0:3.1.12-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-5.redhat_00003.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.6-5.GA_redhat_00007.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-client-config-0:1.0.1-4.Final_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-10.GA_redhat_00017.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.6-5.GA_redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-0:2.3.0-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.src",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-el8-x86_64-debuginfo-0:2.3.0-1.Final.redhat.00001.1.el8eap.x86_64",
            "8Base-JBEAP-8.1:eap8-wildfly-openssl-java-0:2.3.0-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.noarch",
            "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-5.redhat_00007.1.el8eap.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-5598 (GCVE-0-2026-5598)

Solutions

Vulnerability from cleanstart

Vulnerability from cleanstart

Vulnerability from cleanstart

Tags

Sightings

Nomenclature