Vulnerability-Lookup

CVE-2023-35887 (GCVE-0-2023-35887)

Vulnerability from cvelistv5 – Published: 2023-07-10 09:28 – Updated: 2024-10-07 19:40

Title

Apache MINA SSHD: Information disclosure bugs with RootedFilesystem

Summary

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA. In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover "exists/does not exist" information about items outside the rooted tree via paths including parent navigation ("..") beyond the root, or involving symlinks. This issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10

Severity ?

5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Assigner

apache

References

1 reference

URL	Tags
https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache MINA SSHD	Affected: 1.0 , < 2.10 (semver)

Credits

Andrew Pikler

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:37:39.870Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-35887",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-07T19:40:36.469029Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-07T19:40:46.159Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache MINA SSHD",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "2.10",
              "status": "affected",
              "version": "1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Andrew Pikler"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA.\u003cbr\u003e\u003cbr\u003eIn SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover \"exists/does not exist\" information about items outside the rooted tree via paths including parent navigation (\"..\") beyond the root, or involving symlinks.\u003cbr\u003e\u003cbr\u003eThis issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10\u003cbr\u003e"
            }
          ],
          "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA.\n\nIn SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover \"exists/does not exist\" information about items outside the rooted tree via paths including parent navigation (\"..\") beyond the root, or involving symlinks.\n\nThis issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-19T07:18:06.740Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2"
        }
      ],
      "source": {
        "defect": [
          "SSHD-1324"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Apache MINA SSHD: Information disclosure bugs with RootedFilesystem",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2023-35887",
    "datePublished": "2023-07-10T09:28:54.987Z",
    "dateReserved": "2023-06-19T15:49:53.163Z",
    "dateUpdated": "2024-10-07T19:40:46.159Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-35887",
      "date": "2026-05-24",
      "epss": "0.00106",
      "percentile": "0.28314"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:sshd:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.0.0\", \"versionEndExcluding\": \"2.9.3\", \"matchCriteriaId\": \"6975BA01-F3B2-4A87-8BC6-74109C5BA3B0\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA.\\n\\nIn SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover \\\"exists/does not exist\\\" information about items outside the rooted tree via paths including parent navigation (\\\"..\\\") beyond the root, or involving symlinks.\\n\\nThis issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10\\n\"}]",
      "id": "CVE-2023-35887",
      "lastModified": "2024-11-21T08:08:55.333",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security@apache.org\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N\", \"baseScore\": 5.0, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.1, \"impactScore\": 1.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 1.4}]}",
      "published": "2023-07-10T16:15:53.050",
      "references": "[{\"url\": \"https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@apache.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security@apache.org\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-35887\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2023-07-10T16:15:53.050\",\"lastModified\":\"2024-11-21T08:08:55.333\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA.\\n\\nIn SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover \\\"exists/does not exist\\\" information about items outside the rooted tree via paths including parent navigation (\\\"..\\\") beyond the root, or involving symlinks.\\n\\nThis issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N\",\"baseScore\":5.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.1,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:sshd:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0.0\",\"versionEndExcluding\":\"2.9.3\",\"matchCriteriaId\":\"6975BA01-F3B2-4A87-8BC6-74109C5BA3B0\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T16:37:39.870Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-35887\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-07T19:40:36.469029Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-07T19:40:41.560Z\"}}], \"cna\": {\"title\": \"Apache MINA SSHD: Information disclosure bugs with RootedFilesystem\", \"source\": {\"defect\": [\"SSHD-1324\"], \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Andrew Pikler\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache MINA SSHD\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"lessThan\": \"2.10\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA.\\n\\nIn SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover \\\"exists/does not exist\\\" information about items outside the rooted tree via paths including parent navigation (\\\"..\\\") beyond the root, or involving symlinks.\\n\\nThis issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA.\u003cbr\u003e\u003cbr\u003eIn SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover \\\"exists/does not exist\\\" information about items outside the rooted tree via paths including parent navigation (\\\"..\\\") beyond the root, or involving symlinks.\u003cbr\u003e\u003cbr\u003eThis issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2023-07-19T07:18:06.740Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-35887\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-07T19:40:46.159Z\", \"dateReserved\": \"2023-06-19T15:49:53.163Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2023-07-10T09:28:54.987Z\", \"assignerShortName\": \"apache\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

BDU:2023-08077

Vulnerability from fstec - Published: 10.07.2023

Title

Уязвимость java-библиотеки для поддержки SSH-протоколов Apache SSHD, связанная с неверным ограничением имени пути к каталогу с ограниченным доступом, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Description

Уязвимость java-библиотеки для поддержки SSH-протоколов Apache SSHD связана с неверным ограничением имени пути к каталогу с ограниченным доступом. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить несанкционированный доступ к защищаемой информации

Severity ?


                    
                      AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Vendor

Apache Software Foundation

Software Name

SSHD, NiFi Registry

Software Version

от 1.0.0 до 2.10.0 (SSHD), 1.24.0 (NiFi Registry)

Possible Mitigations

Компенсирующие меры: - отключение/удаление неиспользуемых учетных записей пользователей; - минимизация пользовательских привилегий; - использование антивирусных средств защиты; - контроль действий пользователей. Использование рекомендаций: Для Apache SSHD: https://github.com/apache/mina-sshd/commit/10de190e7d3f9189deb76b8d08c72334a1fe2df0

Reference

https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2 https://vuldb.com/?id.233305 https://github.com/advisories/GHSA-mjmq-gwgm-5qhm

CWE

CWE-22

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Apache Software Foundation",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 1.0.0 \u0434\u043e 2.10.0 (SSHD), 1.24.0 (NiFi Registry)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435/\u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435 \u043d\u0435\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0437\u0430\u043f\u0438\u0441\u0435\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439;\n- \u043c\u0438\u043d\u0438\u043c\u0438\u0437\u0430\u0446\u0438\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0445 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0430\u043d\u0442\u0438\u0432\u0438\u0440\u0443\u0441\u043d\u044b\u0445 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u0437\u0430\u0449\u0438\u0442\u044b;\n- \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Apache SSHD:\nhttps://github.com/apache/mina-sshd/commit/10de190e7d3f9189deb76b8d08c72334a1fe2df0",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "10.07.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "21.03.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "22.11.2023",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-08077",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-35887",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "SSHD, NiFi Registry",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c java-\u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0434\u043b\u044f \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0438 SSH-\u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u0432 Apache SSHD, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0432\u0435\u0440\u043d\u044b\u043c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435\u043c \u0438\u043c\u0435\u043d\u0438 \u043f\u0443\u0442\u0438 \u043a \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0443 \u0441 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0432\u0435\u0440\u043d\u043e\u0435 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0438\u043c\u0435\u043d\u0438 \u043f\u0443\u0442\u0438 \u043a \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0443 \u0441 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c (\u00ab\u041e\u0431\u0445\u043e\u0434 \u043f\u0443\u0442\u0438\u00bb) (CWE-22)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c java-\u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0434\u043b\u044f \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0438 SSH-\u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u0432 Apache SSHD \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0432\u0435\u0440\u043d\u044b\u043c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435\u043c \u0438\u043c\u0435\u043d\u0438 \u043f\u0443\u0442\u0438 \u043a \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0443 \u0441 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2\nhttps://vuldb.com/?id.233305\nhttps://github.com/advisories/GHSA-mjmq-gwgm-5qhm",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-22",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5)"
}

CERTFR-2026-AVI-0249

Vulnerability from certfr_avis - Published: 2026-03-06 - Updated: 2026-03-06

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	QRadar	QRadar Data Synchronization App versions antérieures à 3.3.0
IBM	Db2	DB2 Data Management Console versions antérieures à 3.1.13
IBM	Tivoli	Tivoli Netcool/OMNIbus_GUI sans le dernier correctif de sécurité
IBM	Db2	DB2 Recovery Expert versions antérieures à 5.5.0.1 Interim Fix 8
IBM	Db2	Db2 Warehouse on Cloud Pak for Data versions antérieures à 5.3.1
IBM	Db2	Db2 on Cloud Pak for Data versions antérieures à 5.3.1
IBM	QRadar	QRadar Pre-Validation App versions antérieures à 2.0.2

References

Title

Publication Time

CNVD-2023-71726

Vulnerability from cnvd - Published: 2023-09-26

Title

Apache MINA信息泄露漏洞

Description

Apache MINA是美国阿帕奇（Apache）基金会的一款网络应用程序框架。该产品主要用于开发高性能和高可伸缩性的网络应用程序。 Apache MINA存在信息泄露漏洞，该漏洞源于程序对于敏感信息保护不足，攻击者可利用该漏洞获取敏感信息。

Severity

中

Patch Name

Apache MINA信息泄露漏洞的补丁

Patch Description

Apache MINA是美国阿帕奇（Apache）基金会的一款网络应用程序框架。该产品主要用于开发高性能和高可伸缩性的网络应用程序。 Apache MINA存在信息泄露漏洞，该漏洞源于程序对于敏感信息保护不足，攻击者可利用该漏洞获取敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2

Reference

https://nvd.nist.gov/vuln/detail/CVE-2023-35887

Impacted products

Name
Apache MINA >=1.0.0，<2.10.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-35887",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-35887"
    }
  },
  "description": "Apache MINA\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u7f51\u7edc\u5e94\u7528\u7a0b\u5e8f\u6846\u67b6\u3002\u8be5\u4ea7\u54c1\u4e3b\u8981\u7528\u4e8e\u5f00\u53d1\u9ad8\u6027\u80fd\u548c\u9ad8\u53ef\u4f38\u7f29\u6027\u7684\u7f51\u7edc\u5e94\u7528\u7a0b\u5e8f\u3002\n\nApache MINA\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u5bf9\u4e8e\u654f\u611f\u4fe1\u606f\u4fdd\u62a4\u4e0d\u8db3\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-71726",
  "openTime": "2023-09-26",
  "patchDescription": "Apache MINA\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u7f51\u7edc\u5e94\u7528\u7a0b\u5e8f\u6846\u67b6\u3002\u8be5\u4ea7\u54c1\u4e3b\u8981\u7528\u4e8e\u5f00\u53d1\u9ad8\u6027\u80fd\u548c\u9ad8\u53ef\u4f38\u7f29\u6027\u7684\u7f51\u7edc\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nApache MINA\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u5bf9\u4e8e\u654f\u611f\u4fe1\u606f\u4fdd\u62a4\u4e0d\u8db3\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache MINA\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apache MINA \u003e=1.0.0\uff0c\u003c2.10.0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2023-35887",
  "serverity": "\u4e2d",
  "submitTime": "2023-07-12",
  "title": "Apache MINA\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

FKIE_CVE-2023-35887

Vulnerability from fkie_nvd - Published: 2023-07-10 16:15 - Updated: 2024-11-21 08:08

Severity ?

5.0 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

References

	URL	Tags
	security@apache.org	https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2	Mailing List, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2	Mailing List, Vendor Advisory

Impacted products

	Vendor	Product	Version
	apache	sshd	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:sshd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6975BA01-F3B2-4A87-8BC6-74109C5BA3B0",
              "versionEndExcluding": "2.9.3",
              "versionStartIncluding": "1.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA.\n\nIn SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover \"exists/does not exist\" information about items outside the rooted tree via paths including parent navigation (\"..\") beyond the root, or involving symlinks.\n\nThis issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10\n"
    }
  ],
  "id": "CVE-2023-35887",
  "lastModified": "2024-11-21T08:08:55.333",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 1.4,
        "source": "security@apache.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-07-10T16:15:53.050",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "security@apache.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

GHSA-MJMQ-GWGM-5QHM

Vulnerability from github – Published: 2023-07-10 18:30 – Updated: 2023-12-07 18:20

Summary

Apache MINA SSHD information disclosure vulnerability

Details

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA.

In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover "exists/does not exist" information about items outside the rooted tree via paths including parent navigation ("..") beyond the root, or involving symlinks.

This issue affects Apache MINA: from 1.0 before 2.9.3 Users are recommended to upgrade to 2.9.3

Until version 2.1.0, some of the code affected by this vulnerability appeared in org.apache.sshd:sshd-core. Version 2.1.0 contains a commit where the code was moved to the package org.apache.sshd:sshd-common, which did not exist until version 2.1.0.

Severity ?

5.0 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.sshd:sshd-common"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.1.0"
            },
            {
              "fixed": "2.9.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.sshd:sshd-sftp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.0.0"
            },
            {
              "fixed": "2.9.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.sshd:sshd-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.0.0"
            },
            {
              "fixed": "2.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-35887"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-22"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-10T21:53:01Z",
    "nvd_published_at": "2023-07-10T16:15:53Z",
    "severity": "MODERATE"
  },
  "details": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA.\n\nIn SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover \"exists/does not exist\" information about items outside the rooted tree via paths including parent navigation (\"..\") beyond the root, or involving symlinks.\n\nThis issue affects Apache MINA: from 1.0 before 2.9.3 Users are recommended to upgrade to 2.9.3\n\nUntil version 2.1.0, some of the code affected by this vulnerability appeared in org.apache.sshd:sshd-core. Version 2.1.0 contains a [commit](https://github.com/apache/mina-sshd/commit/10de190e7d3f9189deb76b8d08c72334a1fe2df0) where the code was moved to the package org.apache.sshd:sshd-common, which did not exist until version 2.1.0.\n",
  "id": "GHSA-mjmq-gwgm-5qhm",
  "modified": "2023-12-07T18:20:03Z",
  "published": "2023-07-10T18:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35887"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/mina-sshd/pull/362"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/mina-sshd/commit/10de190e7d3f9189deb76b8d08c72334a1fe2df0"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/mina-sshd/commit/a61e93035f06bff8fc622ad94870fb773d48b9f0"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/mina-sshd/commit/c20739b43aab0f7bf2ccad982a6cb37b9d5a8a0b"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/mina-sshd"
    },
    {
      "type": "WEB",
      "url": "https://issues.apache.org/jira/browse/SSHD-1324"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache MINA SSHD information disclosure vulnerability"
}

GSD-2023-35887

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-35887

Aliases

CVE-2023-35887

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-35887",
    "id": "GSD-2023-35887"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-35887"
      ],
      "details": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA.\n\nIn SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover \"exists/does not exist\" information about items outside the rooted tree via paths including parent navigation (\"..\") beyond the root, or involving symlinks.\n\nThis issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10\n",
      "id": "GSD-2023-35887",
      "modified": "2023-12-13T01:20:45.982064Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@apache.org",
        "ID": "CVE-2023-35887",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Apache MINA SSHD",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "1.0",
                          "version_value": "2.10"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apache Software Foundation"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "Andrew Pikler"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA.\n\nIn SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover \"exists/does not exist\" information about items outside the rooted tree via paths including parent navigation (\"..\") beyond the root, or involving symlinks.\n\nThis issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10\n"
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-22",
                "lang": "eng",
                "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2"
          }
        ]
      },
      "source": {
        "defect": [
          "SSHD-1324"
        ],
        "discovery": "EXTERNAL"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "[1.0.0,2.10.0)",
          "affected_versions": "All versions starting from 1.0.0 before 2.10.0",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-22",
            "CWE-937"
          ],
          "date": "2023-07-21",
          "description": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA.\n\nIn SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover \"exists/does not exist\" information about items outside the rooted tree via paths including parent navigation (\"..\") beyond the root, or involving symlinks.\n\nThis issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10\n",
          "fixed_versions": [],
          "identifier": "CVE-2023-35887",
          "identifiers": [
            "CVE-2023-35887"
          ],
          "not_impacted": "",
          "package_slug": "maven/org.apache.directory.mina/mina",
          "pubdate": "2023-07-10",
          "solution": "Unfortunately, there is no solution available yet.",
          "title": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2023-35887",
            "https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2"
          ],
          "uuid": "c3fc947a-fd65-46e9-8c54-e1902fa79424"
        },
        {
          "affected_range": "[1.0.0,2.10.0)",
          "affected_versions": "All versions starting from 1.0.0 before 2.10.0",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-22",
            "CWE-937"
          ],
          "date": "2023-07-18",
          "description": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA.\n\nIn SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover \"exists/does not exist\" information about items outside the rooted tree via paths including parent navigation (\"..\") beyond the root, or involving symlinks.\n\nThis issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10\n",
          "fixed_versions": [
            "2.10.0"
          ],
          "identifier": "CVE-2023-35887",
          "identifiers": [
            "CVE-2023-35887"
          ],
          "not_impacted": "All versions before 1.0.0, all versions starting from 2.10.0",
          "package_slug": "maven/org.apache.sshd/sshd-common",
          "pubdate": "2023-07-10",
          "solution": "Upgrade to version 2.10.0 or above.",
          "title": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2023-35887",
            "https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2",
            "https://issues.apache.org/jira/browse/SSHD-1324",
            "https://github.com/apache/mina-sshd/pull/362"
          ],
          "uuid": "77ff41ee-7390-4df6-b02c-8eabbaf57bc7"
        },
        {
          "affected_range": "[1.0.0,2.1.0)",
          "affected_versions": "All versions starting from 1.0.0 before 2.1.0",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-22",
            "CWE-937"
          ],
          "date": "2023-08-21",
          "description": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA.\n\nIn SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover \"exists/does not exist\" information about items outside the rooted tree via paths including parent navigation (\"..\") beyond the root, or involving symlinks.\n\nThis issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10\n",
          "fixed_versions": [
            "2.10.0"
          ],
          "identifier": "CVE-2023-35887",
          "identifiers": [
            "GHSA-mjmq-gwgm-5qhm",
            "CVE-2023-35887"
          ],
          "not_impacted": "All versions before 1.0.0, all versions starting from 2.1.0",
          "package_slug": "maven/org.apache.sshd/sshd-core",
          "pubdate": "2023-07-10",
          "solution": "Upgrade to version 2.10.0 or above.",
          "title": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2023-35887",
            "https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2",
            "https://github.com/apache/mina-sshd/pull/362",
            "https://github.com/apache/mina-sshd/commit/a61e93035f06bff8fc622ad94870fb773d48b9f0",
            "https://issues.apache.org/jira/browse/SSHD-1324",
            "https://github.com/apache/mina-sshd/commit/10de190e7d3f9189deb76b8d08c72334a1fe2df0",
            "https://github.com/advisories/GHSA-mjmq-gwgm-5qhm"
          ],
          "uuid": "51246f73-ba41-4111-a8a3-6eeb34f2e373"
        },
        {
          "affected_range": "[1.0.0,2.10.0)",
          "affected_versions": "All versions starting from 1.0.0 before 2.10.0",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-22",
            "CWE-937"
          ],
          "date": "2023-07-19",
          "description": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA.\n\nIn SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover \"exists/does not exist\" information about items outside the rooted tree via paths including parent navigation (\"..\") beyond the root, or involving symlinks.\n\nThis issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10\n",
          "fixed_versions": [
            "2.10.0"
          ],
          "identifier": "CVE-2023-35887",
          "identifiers": [
            "GHSA-mjmq-gwgm-5qhm",
            "CVE-2023-35887"
          ],
          "not_impacted": "All versions before 1.0.0, all versions starting from 2.10.0",
          "package_slug": "maven/org.apache.sshd/sshd-sftp",
          "pubdate": "2023-07-10",
          "solution": "Upgrade to version 2.10.0 or above.",
          "title": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2023-35887",
            "https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2",
            "https://github.com/apache/mina-sshd/pull/362",
            "https://github.com/apache/mina-sshd/commit/a61e93035f06bff8fc622ad94870fb773d48b9f0",
            "https://issues.apache.org/jira/browse/SSHD-1324",
            "https://github.com/advisories/GHSA-mjmq-gwgm-5qhm"
          ],
          "uuid": "45de9c82-41aa-42f4-97cd-d0c9e6436b5f"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:sshd:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.9.3",
                "versionStartIncluding": "1.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2023-35887"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA.\n\nIn SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover \"exists/does not exist\" information about items outside the rooted tree via paths including parent navigation (\"..\") beyond the root, or involving symlinks.\n\nThis issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10\n"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread/b9qgtqvhnvgfpn0w1gz918p21p53tqk2"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2023-11-21T14:38Z",
      "publishedDate": "2023-07-10T16:15Z"
    }
  }
}

NCSC-2024-0302

Vulnerability from csaf_ncscnl - Published: 2024-07-17 13:54 - Updated: 2024-07-17 13:54

Summary

Kwetsbaarheden verholpen in Oracle JD Edwards

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten: Er zijn kwetsbaarheden verholpen in Oracle JD Edwards.

Interpretaties: Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade: * Denial-of-Service (DoS) * Toegang tot gevoelige gegevens * Toegang tot systeemgegevens * Manipulatie van gegevens

Oplossingen: Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.

Kans: medium

Schade: high

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-24: Path Traversal: '../filedir'

CWE-328: Use of Weak Hash

CWE-354: Improper Validation of Integrity Check Value

CWE-404: Improper Resource Shutdown or Release

CWE-834: Excessive Iteration

CVE-2022-31160

Affected products

Known affected 5 products

Product	Identifier	Version
jd_edwards_enterpriseone_tools oracle	`cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.6.3:::::::*`	—
jd_edwards_enterpriseone_tools oracle	`cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.7:::::::*`	—
jd_edwards_enterpriseone_orchestrator oracle	`cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator::::::::`	—
jd_edwards_enterpriseone_tools oracle	`cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools::::::::`	—
jd_edwards_world_security oracle	`cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:::::::*`	—

CVE-2023-3817

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-404 - Improper Resource Shutdown or Release

Affected products

Known affected 4 products

Product	Identifier	Version
jd_edwards_enterpriseone_tools oracle	`cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.7:::::::*`	—
jd_edwards_enterpriseone_orchestrator oracle	`cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator::::::::`	—
jd_edwards_enterpriseone_tools oracle	`cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools::::::::`	—
jd_edwards_world_security oracle	`cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:::::::*`	—

CVE-2023-6129

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

CWE-328 - Use of Weak Hash

Affected products

Known affected 3 products

Product	Identifier	Version
jd_edwards_world_security oracle	`cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:::::::*`	—
jd_edwards_enterpriseone_orchestrator oracle	`cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator::::::::`	—
jd_edwards_enterpriseone_tools oracle	`cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools::::::::`	—

CVE-2023-33201

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 4 products

Product	Identifier	Version
jd_edwards_enterpriseone_tools oracle	`cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.7:::::::*`	—
jd_edwards_enterpriseone_orchestrator oracle	`cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator::::::::`	—
jd_edwards_enterpriseone_tools oracle	`cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools::::::::`	—
jd_edwards_world_security oracle	`cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:::::::*`	—

CVE-2023-35887

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-24 - Path Traversal: '../filedir'

Affected products

Known affected 4 products

Product	Identifier	Version
jd_edwards_enterpriseone_tools oracle	`cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.7:::::::*`	—
jd_edwards_enterpriseone_orchestrator oracle	`cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator::::::::`	—
jd_edwards_enterpriseone_tools oracle	`cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools::::::::`	—
jd_edwards_world_security oracle	`cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:::::::*`	—

CVE-2023-38552

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-354 - Improper Validation of Integrity Check Value

Affected products

Known affected 3 products

Product	Identifier	Version
jd_edwards_enterpriseone_orchestrator oracle	`cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator::::::::`	—
jd_edwards_enterpriseone_tools oracle	`cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools::::::::`	—
jd_edwards_world_security oracle	`cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:::::::*`	—

CVE-2024-21150

Affected products

Known affected 4 products

Product	Identifier	Version
jd_edwards_enterpriseone_tools oracle_corporation	`cpe:2.3:a:oracle_corporation:jd_edwards_enterpriseone_tools::::::::`	—
jd_edwards_enterpriseone_orchestrator oracle	`cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator::::::::`	—
jd_edwards_enterpriseone_tools oracle	`cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools::::::::`	—
jd_edwards_world_security oracle	`cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:::::::*`	—

CVE-2024-21168

Affected products

Known affected 4 products

Product	Identifier	Version
jd_edwards_enterpriseone_orchestrator oracle_corporation	`cpe:2.3:a:oracle_corporation:jd_edwards_enterpriseone_orchestrator::::::::`	—
jd_edwards_enterpriseone_orchestrator oracle	`cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator::::::::`	—
jd_edwards_enterpriseone_tools oracle	`cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools::::::::`	—
jd_edwards_world_security oracle	`cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:::::::*`	—

References

18 references

URL	Category
https://nvd.nist.gov/vuln/detail/CVE-2022-31160	external
https://nvd.nist.gov/vuln/detail/CVE-2023-33201	external
https://nvd.nist.gov/vuln/detail/CVE-2023-35887	external
https://nvd.nist.gov/vuln/detail/CVE-2023-3817	external
https://nvd.nist.gov/vuln/detail/CVE-2023-38552	external
https://nvd.nist.gov/vuln/detail/CVE-2023-6129	external
https://nvd.nist.gov/vuln/detail/CVE-2024-21150	external
https://nvd.nist.gov/vuln/detail/CVE-2024-21168	external
https://www.oracle.com/docs/tech/security-alerts/…	external
https://www.oracle.com/security-alerts/cpujul2024.html	external
https://api.ncsc.nl/velma/v1/vulnerabilities/2022…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2023…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Er zijn kwetsbaarheden verholpen in Oracle JD Edwards.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n* Denial-of-Service (DoS)\n* Toegang tot gevoelige gegevens\n* Toegang tot systeemgegevens\n* Manipulatie van gegevens",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Exposure of Sensitive Information to an Unauthorized Actor",
        "title": "CWE-200"
      },
      {
        "category": "general",
        "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
        "title": "CWE-22"
      },
      {
        "category": "general",
        "text": "Path Traversal: \u0027../filedir\u0027",
        "title": "CWE-24"
      },
      {
        "category": "general",
        "text": "Use of Weak Hash",
        "title": "CWE-328"
      },
      {
        "category": "general",
        "text": "Improper Validation of Integrity Check Value",
        "title": "CWE-354"
      },
      {
        "category": "general",
        "text": "Improper Resource Shutdown or Release",
        "title": "CWE-404"
      },
      {
        "category": "general",
        "text": "Excessive Iteration",
        "title": "CWE-834"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31160"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35887"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3817"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38552"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6129"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21150"
      },
      {
        "category": "external",
        "summary": "Source - nvd",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21168"
      },
      {
        "category": "external",
        "summary": "Reference - oracle",
        "url": "https://www.oracle.com/docs/tech/security-alerts/cpujul2024csaf.json"
      },
      {
        "category": "external",
        "summary": "Reference - cveprojectv5; ibm; nvd; oracle",
        "url": "https://www.oracle.com/security-alerts/cpujul2024.html"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Oracle JD Edwards",
    "tracking": {
      "current_release_date": "2024-07-17T13:54:52.031796Z",
      "id": "NCSC-2024-0302",
      "initial_release_date": "2024-07-17T13:54:52.031796Z",
      "revision_history": [
        {
          "date": "2024-07-17T13:54:52.031796Z",
          "number": "0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "jd_edwards_enterpriseone_tools",
            "product": {
              "name": "jd_edwards_enterpriseone_tools",
              "product_id": "CSAFPID-165543",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "jd_edwards_enterpriseone_tools",
            "product": {
              "name": "jd_edwards_enterpriseone_tools",
              "product_id": "CSAFPID-165542",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.1.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "jd_edwards_enterpriseone_tools",
            "product": {
              "name": "jd_edwards_enterpriseone_tools",
              "product_id": "CSAFPID-9366",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "jd_edwards_enterpriseone_tools",
            "product": {
              "name": "jd_edwards_enterpriseone_tools",
              "product_id": "CSAFPID-165541",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.4.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "jd_edwards_enterpriseone_tools",
            "product": {
              "name": "jd_edwards_enterpriseone_tools",
              "product_id": "CSAFPID-165540",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.4.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "jd_edwards_enterpriseone_tools",
            "product": {
              "name": "jd_edwards_enterpriseone_tools",
              "product_id": "CSAFPID-165539",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.5.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "jd_edwards_enterpriseone_tools",
            "product": {
              "name": "jd_edwards_enterpriseone_tools",
              "product_id": "CSAFPID-161291",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.5.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "jd_edwards_enterpriseone_tools",
            "product": {
              "name": "jd_edwards_enterpriseone_tools",
              "product_id": "CSAFPID-165538",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.6.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "jd_edwards_enterpriseone_tools",
            "product": {
              "name": "jd_edwards_enterpriseone_tools",
              "product_id": "CSAFPID-165537",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.6.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "jd_edwards_enterpriseone_tools",
            "product": {
              "name": "jd_edwards_enterpriseone_tools",
              "product_id": "CSAFPID-41393",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.6.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "jd_edwards_enterpriseone_tools",
            "product": {
              "name": "jd_edwards_enterpriseone_tools",
              "product_id": "CSAFPID-611382",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.7:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "jd_edwards_enterpriseone_tools",
            "product": {
              "name": "jd_edwards_enterpriseone_tools",
              "product_id": "CSAFPID-1503976",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.8.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "jd_edwards_enterpriseone_tools",
            "product": {
              "name": "jd_edwards_enterpriseone_tools",
              "product_id": "CSAFPID-1503977",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.8.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "jd_edwards_world_security",
            "product": {
              "name": "jd_edwards_world_security",
              "product_id": "CSAFPID-41391",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "jd_edwards_enterpriseone_orchestrator",
            "product": {
              "name": "jd_edwards_enterpriseone_orchestrator",
              "product_id": "CSAFPID-266143",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "jd_edwards_enterpriseone_tools",
            "product": {
              "name": "jd_edwards_enterpriseone_tools",
              "product_id": "CSAFPID-165552",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:-:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "jd_edwards_enterpriseone_tools",
            "product": {
              "name": "jd_edwards_enterpriseone_tools",
              "product_id": "CSAFPID-266526",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "jd_edwards_enterpriseone_tools",
            "product": {
              "name": "jd_edwards_enterpriseone_tools",
              "product_id": "CSAFPID-165545",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:4.0.1.0:*:*:*:*:*:*:*"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "jd_edwards_enterpriseone_orchestrator",
            "product": {
              "name": "jd_edwards_enterpriseone_orchestrator",
              "product_id": "CSAFPID-1503565",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle_corporation:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "jd_edwards_enterpriseone_tools",
            "product": {
              "name": "jd_edwards_enterpriseone_tools",
              "product_id": "CSAFPID-1494845",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle_corporation:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "oracle_corporation"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-31160",
      "product_status": {
        "known_affected": [
          "CSAFPID-41393",
          "CSAFPID-611382",
          "CSAFPID-266143",
          "CSAFPID-266526",
          "CSAFPID-41391"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2022-31160",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-31160.json"
        }
      ],
      "title": "CVE-2022-31160"
    },
    {
      "cve": "CVE-2023-3817",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "other",
          "text": "Excessive Iteration",
          "title": "CWE-834"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-611382",
          "CSAFPID-266143",
          "CSAFPID-266526",
          "CSAFPID-41391"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-3817",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-3817.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-611382",
            "CSAFPID-266143",
            "CSAFPID-266526",
            "CSAFPID-41391"
          ]
        }
      ],
      "title": "CVE-2023-3817"
    },
    {
      "cve": "CVE-2023-6129",
      "cwe": {
        "id": "CWE-328",
        "name": "Use of Weak Hash"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use of Weak Hash",
          "title": "CWE-328"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-41391",
          "CSAFPID-266143",
          "CSAFPID-266526"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-6129",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-6129.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-41391",
            "CSAFPID-266143",
            "CSAFPID-266526"
          ]
        }
      ],
      "title": "CVE-2023-6129"
    },
    {
      "cve": "CVE-2023-33201",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-611382",
          "CSAFPID-266143",
          "CSAFPID-266526",
          "CSAFPID-41391"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-33201",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-33201.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-611382",
            "CSAFPID-266143",
            "CSAFPID-266526",
            "CSAFPID-41391"
          ]
        }
      ],
      "title": "CVE-2023-33201"
    },
    {
      "cve": "CVE-2023-35887",
      "cwe": {
        "id": "CWE-24",
        "name": "Path Traversal: \u0027../filedir\u0027"
      },
      "notes": [
        {
          "category": "other",
          "text": "Path Traversal: \u0027../filedir\u0027",
          "title": "CWE-24"
        },
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-611382",
          "CSAFPID-266143",
          "CSAFPID-266526",
          "CSAFPID-41391"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-35887",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-35887.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-611382",
            "CSAFPID-266143",
            "CSAFPID-266526",
            "CSAFPID-41391"
          ]
        }
      ],
      "title": "CVE-2023-35887"
    },
    {
      "cve": "CVE-2023-38552",
      "cwe": {
        "id": "CWE-354",
        "name": "Improper Validation of Integrity Check Value"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Validation of Integrity Check Value",
          "title": "CWE-354"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-266143",
          "CSAFPID-266526",
          "CSAFPID-41391"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-38552",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-38552.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-266143",
            "CSAFPID-266526",
            "CSAFPID-41391"
          ]
        }
      ],
      "title": "CVE-2023-38552"
    },
    {
      "cve": "CVE-2024-21150",
      "product_status": {
        "known_affected": [
          "CSAFPID-1494845",
          "CSAFPID-266143",
          "CSAFPID-266526",
          "CSAFPID-41391"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21150",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21150.json"
        }
      ],
      "title": "CVE-2024-21150"
    },
    {
      "cve": "CVE-2024-21168",
      "product_status": {
        "known_affected": [
          "CSAFPID-1503565",
          "CSAFPID-266143",
          "CSAFPID-266526",
          "CSAFPID-41391"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21168",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21168.json"
        }
      ],
      "title": "CVE-2024-21168"
    }
  ]
}

RHSA-2023:5396

Vulnerability from csaf_redhat - Published: 2023-09-28 11:55 - Updated: 2026-05-01 16:24

Summary

Red Hat Security Advisory: Red Hat Data Grid 8.4.4 security update

Severity

Moderate

Notes

Topic: An update for Red Hat Data Grid 8 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale. Data Grid 8.4.4 replaces Data Grid 8.4.3 and includes bug fixes and enhancements. Find out more about Data Grid 8.4.4 in the Release Notes[3]. Security Fix(es): * infispan: REST bulk ops don't check permissions (CVE-2023-3628) * infinispan: Non-admins should not be able to get cache config via REST API (CVE-2023-3629) * netty: SniHandler 16MB allocation leads to OOM (CVE-2023-34462) * jackson-databind: denial of service via cylic dependencies (CVE-2023-35116) * apache-mina: information exposure in SFTP server implementations (CVE-2023-35887) * infinispan: circular reference on marshalling leads to DoS (CVE-2023-5236) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2022-45047

A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Data Grid 8.4.4 Red Hat / Red Hat JBoss Data Grid	`cpe:/a:redhat:jboss_data_grid:8`	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2023-3628

A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-304 - Missing Critical Step in Authentication

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Data Grid 8.4.4 Red Hat / Red Hat JBoss Data Grid	`cpe:/a:redhat:jboss_data_grid:8`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-3629

A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-304 - Missing Critical Step in Authentication

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Data Grid 8.4.4 Red Hat / Red Hat JBoss Data Grid	`cpe:/a:redhat:jboss_data_grid:8`	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-5236

A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service.

4.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Data Grid 8.4.4 Red Hat / Red Hat JBoss Data Grid	`cpe:/a:redhat:jboss_data_grid:8`	—	Vendor Fix fix

Threats

Impact Low

CVE-2023-34462

A flaw was found in Netty's SniHandler while navigating TLS handshake which may permit a large heap allocation if the handler did not have a timeout configured. This issue may allow an attacker to send a client hello packet which would cause the server to buffer large amounts of data per connection, potentially causing an out of memory error, resulting in Denial of Service.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Data Grid 8.4.4 Red Hat / Red Hat JBoss Data Grid	`cpe:/a:redhat:jboss_data_grid:8`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2023-35116

jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.

4.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Data Grid 8.4.4 Red Hat / Red Hat JBoss Data Grid	`cpe:/a:redhat:jboss_data_grid:8`	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2023-35887

A flaw was found in Apache Mina SSHD that could be exploited on certain SFTP servers implemented using the Apache Mina RootedFileSystem. This issue could permit authenticated users to view information outside of their permissions scope.

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Red Hat Data Grid 8.4.4 Red Hat / Red Hat JBoss Data Grid	`cpe:/a:redhat:jboss_data_grid:8`	—	Vendor Fix fix

Threats

Impact Moderate

References

40 references

URL	Category
https://access.redhat.com/errata/RHSA-2023:5396	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/jbossnetwork/restricted…	external
https://access.redhat.com/documentation/en-us/red…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2215214	external
https://bugzilla.redhat.com/show_bug.cgi?id=2216888	external
https://bugzilla.redhat.com/show_bug.cgi?id=2217924	external
https://bugzilla.redhat.com/show_bug.cgi?id=2217926	external
https://bugzilla.redhat.com/show_bug.cgi?id=2240036	external
https://bugzilla.redhat.com/show_bug.cgi?id=2240999	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2022-45047	self
https://bugzilla.redhat.com/show_bug.cgi?id=2145194	external
https://www.cve.org/CVERecord?id=CVE-2022-45047	external
https://nvd.nist.gov/vuln/detail/CVE-2022-45047	external
https://www.mail-archive.com/dev@mina.apache.org/…	external
https://access.redhat.com/security/cve/CVE-2023-3628	self
https://bugzilla.redhat.com/show_bug.cgi?id=2217924	external
https://www.cve.org/CVERecord?id=CVE-2023-3628	external
https://nvd.nist.gov/vuln/detail/CVE-2023-3628	external
https://access.redhat.com/security/cve/CVE-2023-3629	self
https://bugzilla.redhat.com/show_bug.cgi?id=2217926	external
https://www.cve.org/CVERecord?id=CVE-2023-3629	external
https://nvd.nist.gov/vuln/detail/CVE-2023-3629	external
https://access.redhat.com/security/cve/CVE-2023-5236	self
https://bugzilla.redhat.com/show_bug.cgi?id=2240999	external
https://www.cve.org/CVERecord?id=CVE-2023-5236	external
https://nvd.nist.gov/vuln/detail/CVE-2023-5236	external
https://access.redhat.com/security/cve/CVE-2023-34462	self
https://bugzilla.redhat.com/show_bug.cgi?id=2216888	external
https://www.cve.org/CVERecord?id=CVE-2023-34462	external
https://nvd.nist.gov/vuln/detail/CVE-2023-34462	external
https://access.redhat.com/security/cve/CVE-2023-35116	self
https://bugzilla.redhat.com/show_bug.cgi?id=2215214	external
https://www.cve.org/CVERecord?id=CVE-2023-35116	external
https://nvd.nist.gov/vuln/detail/CVE-2023-35116	external
https://access.redhat.com/security/cve/CVE-2023-35887	self
https://bugzilla.redhat.com/show_bug.cgi?id=2240036	external
https://www.cve.org/CVERecord?id=CVE-2023-35887	external
https://nvd.nist.gov/vuln/detail/CVE-2023-35887	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for Red Hat Data Grid 8 is now available.\n \nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale.\n \nData Grid 8.4.4 replaces Data Grid 8.4.3 and includes bug fixes and enhancements. Find out more about Data Grid 8.4.4 in the Release Notes[3].\n\nSecurity Fix(es):\n\n* infispan: REST bulk ops don\u0027t check permissions (CVE-2023-3628)\n\n* infinispan: Non-admins should not be able to get cache config via REST API (CVE-2023-3629)\n\n* netty: SniHandler 16MB allocation leads to OOM (CVE-2023-34462)\n\n* jackson-databind: denial of service via cylic dependencies (CVE-2023-35116)\n\n* apache-mina: information exposure in SFTP server implementations (CVE-2023-35887)\n\n* infinispan: circular reference on marshalling leads to DoS (CVE-2023-5236)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:5396",
        "url": "https://access.redhat.com/errata/RHSA-2023:5396"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=70381\u0026product=data.grid\u0026version=8.4\u0026downloadType=patches",
        "url": "https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=70381\u0026product=data.grid\u0026version=8.4\u0026downloadType=patches"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.4/html-single/red_hat_data_grid_8.4_release_notes/index",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.4/html-single/red_hat_data_grid_8.4_release_notes/index"
      },
      {
        "category": "external",
        "summary": "2215214",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215214"
      },
      {
        "category": "external",
        "summary": "2216888",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216888"
      },
      {
        "category": "external",
        "summary": "2217924",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217924"
      },
      {
        "category": "external",
        "summary": "2217926",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217926"
      },
      {
        "category": "external",
        "summary": "2240036",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240036"
      },
      {
        "category": "external",
        "summary": "2240999",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240999"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5396.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Data Grid 8.4.4 security update",
    "tracking": {
      "current_release_date": "2026-05-01T16:24:31+00:00",
      "generator": {
        "date": "2026-05-01T16:24:31+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.7"
        }
      },
      "id": "RHSA-2023:5396",
      "initial_release_date": "2023-09-28T11:55:36+00:00",
      "revision_history": [
        {
          "date": "2023-09-28T11:55:36+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-09-28T11:55:36+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-01T16:24:31+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Data Grid 8.4.4",
                "product": {
                  "name": "Red Hat Data Grid 8.4.4",
                  "product_id": "Red Hat Data Grid 8.4.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_data_grid:8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Data Grid"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-45047",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2022-11-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2145194"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mina-sshd: Java unsafe deserialization vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Impact as High as there\u0027s a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it\u0027s very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Data Grid 8.4.4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-45047"
        },
        {
          "category": "external",
          "summary": "RHBZ#2145194",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-45047",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-45047"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047"
        },
        {
          "category": "external",
          "summary": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html",
          "url": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html"
        }
      ],
      "release_date": "2022-11-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-09-28T11:55:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Data Grid 8.4.4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:5396"
        },
        {
          "category": "workaround",
          "details": "From the maintainer:\n\nFor Apache MINA SSHD \u003c= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server\u0027s host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).",
          "product_ids": [
            "Red Hat Data Grid 8.4.4"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Data Grid 8.4.4"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "mina-sshd: Java unsafe deserialization vulnerability"
    },
    {
      "cve": "CVE-2023-3628",
      "cwe": {
        "id": "CWE-304",
        "name": "Missing Critical Step in Authentication"
      },
      "discovery_date": "2023-06-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2217924"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Infinispan\u0027s REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "infispan: REST bulk ops don\u0027t check permissions",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Data Grid 8.4.4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-3628"
        },
        {
          "category": "external",
          "summary": "RHBZ#2217924",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217924"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-3628",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-3628"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-3628",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3628"
        }
      ],
      "release_date": "2023-09-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-09-28T11:55:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Data Grid 8.4.4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:5396"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Data Grid 8.4.4"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "infispan: REST bulk ops don\u0027t check permissions"
    },
    {
      "cve": "CVE-2023-3629",
      "cwe": {
        "id": "CWE-304",
        "name": "Missing Critical Step in Authentication"
      },
      "discovery_date": "2023-06-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2217926"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Infinispan\u0027s REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "infinispan: Non-admins should not be able to get cache config via REST API",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Data Grid 8.4.4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-3629"
        },
        {
          "category": "external",
          "summary": "RHBZ#2217926",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217926"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-3629",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-3629"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-3629",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3629"
        }
      ],
      "release_date": "2023-09-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-09-28T11:55:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Data Grid 8.4.4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:5396"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Data Grid 8.4.4"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "infinispan: Non-admins should not be able to get cache config via REST API"
    },
    {
      "cve": "CVE-2023-5236",
      "discovery_date": "2023-03-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2240999"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "infinispan: circular reference on marshalling leads to DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Data Grid 8.4.4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-5236"
        },
        {
          "category": "external",
          "summary": "RHBZ#2240999",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240999"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-5236",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-5236"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5236",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5236"
        }
      ],
      "release_date": "2023-09-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-09-28T11:55:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Data Grid 8.4.4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:5396"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Data Grid 8.4.4"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "infinispan: circular reference on marshalling leads to DoS"
    },
    {
      "cve": "CVE-2023-34462",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2023-06-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2216888"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Netty\u0027s SniHandler while navigating TLS handshake which may permit a large heap allocation if the handler did not have a timeout configured. This issue may allow an attacker to send a client hello packet which would cause the server to buffer large amounts of data per connection, potentially causing an out of memory error, resulting in Denial of Service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "netty: SniHandler 16MB allocation leads to OOM",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Data Grid 8.4.4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-34462"
        },
        {
          "category": "external",
          "summary": "RHBZ#2216888",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216888"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-34462",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-34462",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34462"
        }
      ],
      "release_date": "2023-06-23T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-09-28T11:55:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Data Grid 8.4.4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:5396"
        },
        {
          "category": "workaround",
          "details": "Configuration of SniHandler with an idle timeout will mitigate this issue.",
          "product_ids": [
            "Red Hat Data Grid 8.4.4"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Data Grid 8.4.4"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "netty: SniHandler 16MB allocation leads to OOM"
    },
    {
      "cve": "CVE-2023-35116",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2023-06-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2215214"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor\u0027s perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jackson-databind: denial of service via cylic dependencies",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This CVE is disputed by the component developers and is under reconsideration by NIST. As such, it should be excluded from scanning utilities or other compliance systems until the dispute is finalized.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Data Grid 8.4.4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-35116"
        },
        {
          "category": "external",
          "summary": "RHBZ#2215214",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215214"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-35116",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-35116"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-35116",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35116"
        }
      ],
      "release_date": "2023-06-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-09-28T11:55:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Data Grid 8.4.4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:5396"
        },
        {
          "category": "workaround",
          "details": "jackson-databind should not be used to deserialize untrusted inputs. User inputs should be validated and sanitized before processing.",
          "product_ids": [
            "Red Hat Data Grid 8.4.4"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Data Grid 8.4.4"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jackson-databind: denial of service via cylic dependencies"
    },
    {
      "cve": "CVE-2023-35887",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2023-09-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2240036"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache Mina SSHD that could be exploited on certain SFTP servers implemented using the Apache Mina RootedFileSystem. This issue could permit authenticated users to view information outside of their permissions scope.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "apache-mina-sshd: information exposure in SFTP server implementations",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Data Grid 8.4.4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-35887"
        },
        {
          "category": "external",
          "summary": "RHBZ#2240036",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240036"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-35887",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-35887"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-35887",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35887"
        }
      ],
      "release_date": "2023-07-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-09-28T11:55:36+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Data Grid 8.4.4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:5396"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Data Grid 8.4.4"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "apache-mina-sshd: information exposure in SFTP server implementations"
    }
  ]
}

RHSA-2023:7637

Vulnerability from csaf_redhat - Published: 2023-12-04 18:01 - Updated: 2026-04-30 16:10

Summary

Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 7 security update

Severity

Important

Notes

Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.13, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.14 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * undertow: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) * avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK (CVE-2023-39410) * guava: insecure temporary directory creation (CVE-2023-2976) * eap-galleon: custom provisioning creates unsecured http-invoker (CVE-2023-4503) * jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048) * jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049) * sshd-common: apache-mina-sshd: information exposure in SFTP server implementations (CVE-2023-35887) A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-2976

A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-552 - Files or Directories Accessible to External Parties

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src	—	Vendor Fix fix Workaround

Known not affected 77 products

Product	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src	—	Workaround

Threats

Impact Moderate

CVE-2023-4503

An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server.

6.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-665 - Improper Initialization

Affected products

Fixed 8 products

Product	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix

Known not affected 72 products

Product	Identifier	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src		—

Threats

Impact Moderate

CVE-2023-5685

A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch		—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src		—	Vendor Fix fix Workaround

Known not affected 78 products

Product	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src	—	Workaround

Threats

Impact Important

CVE-2023-26048

A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable state.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 80 products

Product	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-26049

A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-1286 - Improper Validation of Syntactic Correctness of Input

Affected products

Fixed 10 products

Product	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix

Known not affected 70 products

Product	Identifier	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src		—

Threats

Impact Moderate

CVE-2023-35887

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Fixed 8 products

Product	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix

Known not affected 72 products

Product	Identifier	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src		—

Threats

Impact Moderate

CVE-2023-39410

A flaw was found in apache-avro. When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints, leading to an out-of-memory error and a denial of service on the system.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch		—	Vendor Fix fix
Unresolved product id: 7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src		—	Vendor Fix fix

Known not affected 78 products

Product	Identifier	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch		—
Unresolved product id: 7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src		—

Threats

Impact Important

CVE-2023-44487

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 40 products

Product	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src	—	Vendor Fix fix Workaround

Known not affected 40 products

Product	Version	Remediation
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch	—	Workaround
Unresolved product id: 7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src	—	Workaround

Threats

Exploit Status CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Impact Important

References

77 references

URL	Category
https://access.redhat.com/errata/RHSA-2023:7637	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/security/vulnerabilitie…	external
https://access.redhat.com/documentation/en-us/red…	external
https://access.redhat.com/documentation/en-us/red…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2184751	external
https://bugzilla.redhat.com/show_bug.cgi?id=2215229	external
https://bugzilla.redhat.com/show_bug.cgi?id=2236340	external
https://bugzilla.redhat.com/show_bug.cgi?id=2236341	external
https://bugzilla.redhat.com/show_bug.cgi?id=2240036	external
https://bugzilla.redhat.com/show_bug.cgi?id=2242521	external
https://bugzilla.redhat.com/show_bug.cgi?id=2242803	external
https://issues.redhat.com/browse/JBEAP-25004	external
https://issues.redhat.com/browse/JBEAP-25085	external
https://issues.redhat.com/browse/JBEAP-25086	external
https://issues.redhat.com/browse/JBEAP-25378	external
https://issues.redhat.com/browse/JBEAP-25380	external
https://issues.redhat.com/browse/JBEAP-25419	external
https://issues.redhat.com/browse/JBEAP-25451	external
https://issues.redhat.com/browse/JBEAP-25457	external
https://issues.redhat.com/browse/JBEAP-25541	external
https://issues.redhat.com/browse/JBEAP-25547	external
https://issues.redhat.com/browse/JBEAP-25576	external
https://issues.redhat.com/browse/JBEAP-25594	external
https://issues.redhat.com/browse/JBEAP-25627	external
https://issues.redhat.com/browse/JBEAP-25657	external
https://issues.redhat.com/browse/JBEAP-25685	external
https://issues.redhat.com/browse/JBEAP-25700	external
https://issues.redhat.com/browse/JBEAP-25716	external
https://issues.redhat.com/browse/JBEAP-25726	external
https://issues.redhat.com/browse/JBEAP-25772	external
https://issues.redhat.com/browse/JBEAP-25779	external
https://issues.redhat.com/browse/JBEAP-25803	external
https://issues.redhat.com/browse/JBEAP-25838	external
https://issues.redhat.com/browse/JBEAP-26041	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2023-2976	self
https://bugzilla.redhat.com/show_bug.cgi?id=2215229	external
https://www.cve.org/CVERecord?id=CVE-2023-2976	external
https://nvd.nist.gov/vuln/detail/CVE-2023-2976	external
https://access.redhat.com/security/cve/CVE-2023-4503	self
https://bugzilla.redhat.com/show_bug.cgi?id=2184751	external
https://www.cve.org/CVERecord?id=CVE-2023-4503	external
https://nvd.nist.gov/vuln/detail/CVE-2023-4503	external
https://access.redhat.com/security/cve/CVE-2023-5685	self
https://bugzilla.redhat.com/show_bug.cgi?id=2241822	external
https://www.cve.org/CVERecord?id=CVE-2023-5685	external
https://nvd.nist.gov/vuln/detail/CVE-2023-5685	external
https://access.redhat.com/security/cve/CVE-2023-26048	self
https://bugzilla.redhat.com/show_bug.cgi?id=2236340	external
https://www.cve.org/CVERecord?id=CVE-2023-26048	external
https://nvd.nist.gov/vuln/detail/CVE-2023-26048	external
https://github.com/eclipse/jetty.project/security…	external
https://access.redhat.com/security/cve/CVE-2023-26049	self
https://bugzilla.redhat.com/show_bug.cgi?id=2236341	external
https://www.cve.org/CVERecord?id=CVE-2023-26049	external
https://nvd.nist.gov/vuln/detail/CVE-2023-26049	external
https://github.com/eclipse/jetty.project/security…	external
https://access.redhat.com/security/cve/CVE-2023-35887	self
https://bugzilla.redhat.com/show_bug.cgi?id=2240036	external
https://www.cve.org/CVERecord?id=CVE-2023-35887	external
https://nvd.nist.gov/vuln/detail/CVE-2023-35887	external
https://access.redhat.com/security/cve/CVE-2023-39410	self
https://bugzilla.redhat.com/show_bug.cgi?id=2242521	external
https://www.cve.org/CVERecord?id=CVE-2023-39410	external
https://nvd.nist.gov/vuln/detail/CVE-2023-39410	external
https://issues.apache.org/jira/browse/AVRO-3819	external
https://access.redhat.com/security/cve/CVE-2023-44487	self
https://bugzilla.redhat.com/show_bug.cgi?id=2242803	external
https://access.redhat.com/security/vulnerabilitie…	external
https://www.cve.org/CVERecord?id=CVE-2023-44487	external
https://nvd.nist.gov/vuln/detail/CVE-2023-44487	external
https://github.com/dotnet/announcements/issues/277	external
https://pkg.go.dev/vuln/GO-2023-2102	external
https://www.cisa.gov/news-events/alerts/2023/10/1…	external
https://www.nginx.com/blog/http-2-rapid-reset-att…	external
https://www.cisa.gov/known-exploited-vulnerabilit…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.13, and includes bug fixes and enhancements.\n\nSee the Red Hat JBoss Enterprise Application Platform 7.4.14 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK (CVE-2023-39410)\n\n* guava: insecure temporary directory creation (CVE-2023-2976)\n\n* eap-galleon: custom provisioning creates unsecured http-invoker (CVE-2023-4503)\n\n* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)\n\n* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)\n\n* sshd-common: apache-mina-sshd: information exposure in SFTP server implementations (CVE-2023-35887)\n\nA Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:7637",
        "url": "https://access.redhat.com/errata/RHSA-2023:7637"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
        "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
      },
      {
        "category": "external",
        "summary": "2184751",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184751"
      },
      {
        "category": "external",
        "summary": "2215229",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
      },
      {
        "category": "external",
        "summary": "2236340",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340"
      },
      {
        "category": "external",
        "summary": "2236341",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341"
      },
      {
        "category": "external",
        "summary": "2240036",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240036"
      },
      {
        "category": "external",
        "summary": "2242521",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242521"
      },
      {
        "category": "external",
        "summary": "2242803",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
      },
      {
        "category": "external",
        "summary": "JBEAP-25004",
        "url": "https://issues.redhat.com/browse/JBEAP-25004"
      },
      {
        "category": "external",
        "summary": "JBEAP-25085",
        "url": "https://issues.redhat.com/browse/JBEAP-25085"
      },
      {
        "category": "external",
        "summary": "JBEAP-25086",
        "url": "https://issues.redhat.com/browse/JBEAP-25086"
      },
      {
        "category": "external",
        "summary": "JBEAP-25378",
        "url": "https://issues.redhat.com/browse/JBEAP-25378"
      },
      {
        "category": "external",
        "summary": "JBEAP-25380",
        "url": "https://issues.redhat.com/browse/JBEAP-25380"
      },
      {
        "category": "external",
        "summary": "JBEAP-25419",
        "url": "https://issues.redhat.com/browse/JBEAP-25419"
      },
      {
        "category": "external",
        "summary": "JBEAP-25451",
        "url": "https://issues.redhat.com/browse/JBEAP-25451"
      },
      {
        "category": "external",
        "summary": "JBEAP-25457",
        "url": "https://issues.redhat.com/browse/JBEAP-25457"
      },
      {
        "category": "external",
        "summary": "JBEAP-25541",
        "url": "https://issues.redhat.com/browse/JBEAP-25541"
      },
      {
        "category": "external",
        "summary": "JBEAP-25547",
        "url": "https://issues.redhat.com/browse/JBEAP-25547"
      },
      {
        "category": "external",
        "summary": "JBEAP-25576",
        "url": "https://issues.redhat.com/browse/JBEAP-25576"
      },
      {
        "category": "external",
        "summary": "JBEAP-25594",
        "url": "https://issues.redhat.com/browse/JBEAP-25594"
      },
      {
        "category": "external",
        "summary": "JBEAP-25627",
        "url": "https://issues.redhat.com/browse/JBEAP-25627"
      },
      {
        "category": "external",
        "summary": "JBEAP-25657",
        "url": "https://issues.redhat.com/browse/JBEAP-25657"
      },
      {
        "category": "external",
        "summary": "JBEAP-25685",
        "url": "https://issues.redhat.com/browse/JBEAP-25685"
      },
      {
        "category": "external",
        "summary": "JBEAP-25700",
        "url": "https://issues.redhat.com/browse/JBEAP-25700"
      },
      {
        "category": "external",
        "summary": "JBEAP-25716",
        "url": "https://issues.redhat.com/browse/JBEAP-25716"
      },
      {
        "category": "external",
        "summary": "JBEAP-25726",
        "url": "https://issues.redhat.com/browse/JBEAP-25726"
      },
      {
        "category": "external",
        "summary": "JBEAP-25772",
        "url": "https://issues.redhat.com/browse/JBEAP-25772"
      },
      {
        "category": "external",
        "summary": "JBEAP-25779",
        "url": "https://issues.redhat.com/browse/JBEAP-25779"
      },
      {
        "category": "external",
        "summary": "JBEAP-25803",
        "url": "https://issues.redhat.com/browse/JBEAP-25803"
      },
      {
        "category": "external",
        "summary": "JBEAP-25838",
        "url": "https://issues.redhat.com/browse/JBEAP-25838"
      },
      {
        "category": "external",
        "summary": "JBEAP-26041",
        "url": "https://issues.redhat.com/browse/JBEAP-26041"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7637.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 7 security update",
    "tracking": {
      "current_release_date": "2026-04-30T16:10:21+00:00",
      "generator": {
        "date": "2026-04-30T16:10:21+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.7"
        }
      },
      "id": "RHSA-2023:7637",
      "initial_release_date": "2023-12-04T18:01:18+00:00",
      "revision_history": [
        {
          "date": "2023-12-04T18:01:18+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-12-04T18:01:18+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-04-30T16:10:21+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server",
                "product": {
                  "name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server",
                  "product_id": "7Server-JBEAP-7.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Enterprise Application Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
                  "product_id": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jandex@2.4.4-1.Final_redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
                  "product_id": "eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-avro@1.11.3-1.redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src",
                "product": {
                  "name": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src",
                  "product_id": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-yasson@1.0.11-4.redhat_00002.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
                  "product_id": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.16-1.Final_redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
                  "product_id": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.20-1.Final_redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
                  "product_id": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.11-1.SP1_redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
                  "product_id": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.14-1.SP1_redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
                  "product_id": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-infinispan@11.0.18-1.Final_redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
                  "product_id": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.9-1.Final_redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
                  "product_id": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jgroups@4.2.23-1.Final_redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
                  "product_id": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.32-1.Final_redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
                  "product_id": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-sshd@2.9.3-1.redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
                  "product_id": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.1-1.Final_redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
                  "product_id": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-undertow@2.2.28-1.SP1_redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
                "product": {
                  "name": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
                  "product_id": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-17.redhat_00051.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
                  "product_id": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-guava-libraries@32.1.1-2.jre_redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
                "product": {
                  "name": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
                  "product_id": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-weld-core@3.1.10-2.Final_redhat_00001.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
                "product": {
                  "name": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
                  "product_id": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-33.Final_redhat_00032.1.el7eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
                "product": {
                  "name": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
                  "product_id": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.14-5.GA_redhat_00002.1.el7eap?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jandex@2.4.4-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-avro@1.11.3-1.redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
                "product": {
                  "name": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
                  "product_id": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-yasson@1.0.11-4.redhat_00002.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.16-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.20-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.11-1.SP1_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.14-1.SP1_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-marshalling-river@2.0.14-1.SP1_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-infinispan@11.0.18-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@11.0.18-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@11.0.18-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@11.0.18-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-infinispan-commons@11.0.18-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-infinispan-component-annotations@11.0.18-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-infinispan-core@11.0.18-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@11.0.18-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@11.0.18-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@11.0.18-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.9-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jgroups@4.2.23-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.32-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.32-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.32-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.32-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.32-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-sshd@2.9.3-1.redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.1-1.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-undertow@2.2.28-1.SP1_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-17.redhat_00051.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-17.redhat_00051.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-17.redhat_00051.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-17.redhat_00051.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-17.redhat_00051.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-17.redhat_00051.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-17.redhat_00051.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-17.redhat_00051.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-17.redhat_00051.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-17.redhat_00051.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-17.redhat_00051.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-17.redhat_00051.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-17.redhat_00051.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-17.redhat_00051.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-17.redhat_00051.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                  "product_id": "eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-17.redhat_00051.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-guava@32.1.1-2.jre_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-guava-libraries@32.1.1-2.jre_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-weld-core@3.1.10-2.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-weld-core-impl@3.1.10-2.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-weld-core-jsf@3.1.10-2.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-weld-ejb@3.1.10-2.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-weld-jta@3.1.10-2.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-weld-probe-core@3.1.10-2.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
                "product": {
                  "name": "eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
                  "product_id": "eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-weld-web@3.1.10-2.Final_redhat_00001.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
                  "product_id": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-33.Final_redhat_00032.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
                  "product_id": "eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-33.Final_redhat_00032.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
                  "product_id": "eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-33.Final_redhat_00032.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
                "product": {
                  "name": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
                  "product_id": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.14-5.GA_redhat_00002.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
                "product": {
                  "name": "eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
                  "product_id": "eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.14-5.GA_redhat_00002.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
                "product": {
                  "name": "eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
                  "product_id": "eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.14-5.GA_redhat_00002.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
                "product": {
                  "name": "eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
                  "product_id": "eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.14-5.GA_redhat_00002.1.el7eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
                "product": {
                  "name": "eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
                  "product_id": "eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.14-5.GA_redhat_00002.1.el7eap?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src"
        },
        "product_reference": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src"
        },
        "product_reference": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch"
        },
        "product_reference": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src"
        },
        "product_reference": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch"
        },
        "product_reference": "eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch"
        },
        "product_reference": "eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch"
        },
        "product_reference": "eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch"
        },
        "product_reference": "eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch"
        },
        "product_reference": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src"
        },
        "product_reference": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch"
        },
        "product_reference": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
          "product_id": "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
        },
        "product_reference": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src",
        "relates_to_product_reference": "7Server-JBEAP-7.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-2976",
      "cwe": {
        "id": "CWE-552",
        "name": "Files or Directories Accessible to External Parties"
      },
      "discovery_date": "2023-06-15T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2215229"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "guava: insecure temporary directory creation",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Single Sign-On 7 ships the affected component as a layered product of Red Hat JBoss Enterprise Application 7, and as such is affected by this flaw. However, Single Sign-On 7 does not use the affected code and is not vulnerable to exploit.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src"
        ],
        "known_not_affected": [
          "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-2976"
        },
        {
          "category": "external",
          "summary": "RHBZ#2215229",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-2976",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
        }
      ],
      "release_date": "2023-06-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-12-04T18:01:18+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7637"
        },
        {
          "category": "workaround",
          "details": "Temp files should be created with sufficiently non-predictable names and in a secure-permissioned, dedicated temp folder.",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "guava: insecure temporary directory creation"
    },
    {
      "cve": "CVE-2023-4503",
      "cwe": {
        "id": "CWE-665",
        "name": "Improper Initialization"
      },
      "discovery_date": "2022-11-22T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2184751"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "eap-galleon: custom provisioning creates unsecured http-invoker",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch"
        ],
        "known_not_affected": [
          "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-4503"
        },
        {
          "category": "external",
          "summary": "RHBZ#2184751",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184751"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-4503",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-4503"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4503",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4503"
        }
      ],
      "release_date": "2023-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-12-04T18:01:18+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7637"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "eap-galleon: custom provisioning creates unsecured http-invoker"
    },
    {
      "cve": "CVE-2023-5685",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2023-10-02T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2241822"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "xnio: StackOverflowException when the chain of notifier states becomes problematically big",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat rates this vulnerability as an Important impact as the uncontrolled resource consumption may lead to Denial of Service (DoS). This might be intentioned by an attacker who is looking to jeopardize an environment.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src"
        ],
        "known_not_affected": [
          "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-5685"
        },
        {
          "category": "external",
          "summary": "RHBZ#2241822",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241822"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-5685",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-5685"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5685",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5685"
        }
      ],
      "release_date": "2024-03-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-12-04T18:01:18+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7637"
        },
        {
          "category": "workaround",
          "details": "There is currently no mitigation available for this vulnerability. Please keep the packages up-to-date as the updates become available.",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "xnio: StackOverflowException when the chain of notifier states becomes problematically big"
    },
    {
      "cve": "CVE-2023-26048",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2023-08-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2236340"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-26048"
        },
        {
          "category": "external",
          "summary": "RHBZ#2236340",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26048",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-26048"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048"
        },
        {
          "category": "external",
          "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8",
          "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8"
        }
      ],
      "release_date": "2023-04-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-12-04T18:01:18+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7637"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()"
    },
    {
      "cve": "CVE-2023-26049",
      "cwe": {
        "id": "CWE-1286",
        "name": "Improper Validation of Syntactic Correctness of Input"
      },
      "discovery_date": "2023-08-30T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2236341"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src"
        ],
        "known_not_affected": [
          "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-26049"
        },
        {
          "category": "external",
          "summary": "RHBZ#2236341",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26049",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049"
        },
        {
          "category": "external",
          "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c",
          "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c"
        }
      ],
      "release_date": "2023-04-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-12-04T18:01:18+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7637"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies"
    },
    {
      "cve": "CVE-2023-35887",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2023-09-21T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2240036"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache Mina SSHD that could be exploited on certain SFTP servers implemented using the Apache Mina RootedFileSystem. This issue could permit authenticated users to view information outside of their permissions scope.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "apache-mina-sshd: information exposure in SFTP server implementations",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch"
        ],
        "known_not_affected": [
          "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-35887"
        },
        {
          "category": "external",
          "summary": "RHBZ#2240036",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240036"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-35887",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-35887"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-35887",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35887"
        }
      ],
      "release_date": "2023-07-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-12-04T18:01:18+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7637"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "apache-mina-sshd: information exposure in SFTP server implementations"
    },
    {
      "cve": "CVE-2023-39410",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2023-10-06T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2242521"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in apache-avro. When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints, leading to an out-of-memory error and a denial of service on the system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src"
        ],
        "known_not_affected": [
          "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-39410"
        },
        {
          "category": "external",
          "summary": "RHBZ#2242521",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242521"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-39410",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39410",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39410"
        },
        {
          "category": "external",
          "summary": "https://issues.apache.org/jira/browse/AVRO-3819",
          "url": "https://issues.apache.org/jira/browse/AVRO-3819"
        }
      ],
      "release_date": "2023-09-29T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-12-04T18:01:18+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7637"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK"
    },
    {
      "cve": "CVE-2023-44487",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2023-10-09T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2242803"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src"
        ],
        "known_not_affected": [
          "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
          "7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
          "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-44487"
        },
        {
          "category": "external",
          "summary": "RHBZ#2242803",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
        },
        {
          "category": "external",
          "summary": "RHSB-2023-003",
          "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
        },
        {
          "category": "external",
          "summary": "https://github.com/dotnet/announcements/issues/277",
          "url": "https://github.com/dotnet/announcements/issues/277"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2023-2102",
          "url": "https://pkg.go.dev/vuln/GO-2023-2102"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
          "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
        },
        {
          "category": "external",
          "summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
          "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2023-10-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-12-04T18:01:18+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7637"
        },
        {
          "category": "workaround",
          "details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n     a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n     b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n     c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n     d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n     e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
          "product_ids": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el7eap.src",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.noarch",
            "7Server-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el7eap.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2023-10-10T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
    }
  ]
}

RHSA-2023:7638

Vulnerability from csaf_redhat - Published: 2023-12-04 18:02 - Updated: 2026-04-30 16:10

Summary

Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 8 security update

Severity

Important

Notes

Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

CVE-2023-2976

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-552 - Files or Directories Accessible to External Parties

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround

Known not affected 78 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src	—	Workaround

Threats

Impact Moderate

CVE-2023-4503

6.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-665 - Improper Initialization

Affected products

Fixed 9 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix

Known not affected 72 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src		—

Threats

Impact Moderate

CVE-2023-5685

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch		—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src		—	Vendor Fix fix Workaround

Known not affected 79 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src	—	Workaround

Threats

Impact Important

CVE-2023-26048

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 81 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2023-26049

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-1286 - Improper Validation of Syntactic Correctness of Input

Affected products

Fixed 11 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix

Known not affected 70 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src		—

Threats

Impact Moderate

CVE-2023-35887

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Fixed 9 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix

Known not affected 72 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src		—

Threats

Impact Moderate

CVE-2023-39410

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-502 - Deserialization of Untrusted Data

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch		—	Vendor Fix fix
Unresolved product id: 8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src		—	Vendor Fix fix

Known not affected 79 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch		—
Unresolved product id: 8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src		—

Threats

Impact Important

CVE-2023-44487

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 41 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src	—	Vendor Fix fix Workaround

Known not affected 40 products

Product	Version	Remediation
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch	—	Workaround
Unresolved product id: 8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src	—	Workaround

Threats

Exploit Status CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Impact Important

References

77 references

URL	Category
https://access.redhat.com/errata/RHSA-2023:7638	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/security/vulnerabilitie…	external
https://access.redhat.com/documentation/en-us/red…	external
https://access.redhat.com/documentation/en-us/red…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2184751	external
https://bugzilla.redhat.com/show_bug.cgi?id=2215229	external
https://bugzilla.redhat.com/show_bug.cgi?id=2236340	external
https://bugzilla.redhat.com/show_bug.cgi?id=2236341	external
https://bugzilla.redhat.com/show_bug.cgi?id=2240036	external
https://bugzilla.redhat.com/show_bug.cgi?id=2242521	external
https://bugzilla.redhat.com/show_bug.cgi?id=2242803	external
https://issues.redhat.com/browse/JBEAP-25004	external
https://issues.redhat.com/browse/JBEAP-25085	external
https://issues.redhat.com/browse/JBEAP-25086	external
https://issues.redhat.com/browse/JBEAP-25378	external
https://issues.redhat.com/browse/JBEAP-25380	external
https://issues.redhat.com/browse/JBEAP-25419	external
https://issues.redhat.com/browse/JBEAP-25451	external
https://issues.redhat.com/browse/JBEAP-25457	external
https://issues.redhat.com/browse/JBEAP-25541	external
https://issues.redhat.com/browse/JBEAP-25547	external
https://issues.redhat.com/browse/JBEAP-25576	external
https://issues.redhat.com/browse/JBEAP-25594	external
https://issues.redhat.com/browse/JBEAP-25627	external
https://issues.redhat.com/browse/JBEAP-25657	external
https://issues.redhat.com/browse/JBEAP-25685	external
https://issues.redhat.com/browse/JBEAP-25700	external
https://issues.redhat.com/browse/JBEAP-25716	external
https://issues.redhat.com/browse/JBEAP-25726	external
https://issues.redhat.com/browse/JBEAP-25772	external
https://issues.redhat.com/browse/JBEAP-25779	external
https://issues.redhat.com/browse/JBEAP-25803	external
https://issues.redhat.com/browse/JBEAP-25838	external
https://issues.redhat.com/browse/JBEAP-26041	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2023-2976	self
https://bugzilla.redhat.com/show_bug.cgi?id=2215229	external
https://www.cve.org/CVERecord?id=CVE-2023-2976	external
https://nvd.nist.gov/vuln/detail/CVE-2023-2976	external
https://access.redhat.com/security/cve/CVE-2023-4503	self
https://bugzilla.redhat.com/show_bug.cgi?id=2184751	external
https://www.cve.org/CVERecord?id=CVE-2023-4503	external
https://nvd.nist.gov/vuln/detail/CVE-2023-4503	external
https://access.redhat.com/security/cve/CVE-2023-5685	self
https://bugzilla.redhat.com/show_bug.cgi?id=2241822	external
https://www.cve.org/CVERecord?id=CVE-2023-5685	external
https://nvd.nist.gov/vuln/detail/CVE-2023-5685	external
https://access.redhat.com/security/cve/CVE-2023-26048	self
https://bugzilla.redhat.com/show_bug.cgi?id=2236340	external
https://www.cve.org/CVERecord?id=CVE-2023-26048	external
https://nvd.nist.gov/vuln/detail/CVE-2023-26048	external
https://github.com/eclipse/jetty.project/security…	external
https://access.redhat.com/security/cve/CVE-2023-26049	self
https://bugzilla.redhat.com/show_bug.cgi?id=2236341	external
https://www.cve.org/CVERecord?id=CVE-2023-26049	external
https://nvd.nist.gov/vuln/detail/CVE-2023-26049	external
https://github.com/eclipse/jetty.project/security…	external
https://access.redhat.com/security/cve/CVE-2023-35887	self
https://bugzilla.redhat.com/show_bug.cgi?id=2240036	external
https://www.cve.org/CVERecord?id=CVE-2023-35887	external
https://nvd.nist.gov/vuln/detail/CVE-2023-35887	external
https://access.redhat.com/security/cve/CVE-2023-39410	self
https://bugzilla.redhat.com/show_bug.cgi?id=2242521	external
https://www.cve.org/CVERecord?id=CVE-2023-39410	external
https://nvd.nist.gov/vuln/detail/CVE-2023-39410	external
https://issues.apache.org/jira/browse/AVRO-3819	external
https://access.redhat.com/security/cve/CVE-2023-44487	self
https://bugzilla.redhat.com/show_bug.cgi?id=2242803	external
https://access.redhat.com/security/vulnerabilitie…	external
https://www.cve.org/CVERecord?id=CVE-2023-44487	external
https://nvd.nist.gov/vuln/detail/CVE-2023-44487	external
https://github.com/dotnet/announcements/issues/277	external
https://pkg.go.dev/vuln/GO-2023-2102	external
https://www.cisa.gov/news-events/alerts/2023/10/1…	external
https://www.nginx.com/blog/http-2-rapid-reset-att…	external
https://www.cisa.gov/known-exploited-vulnerabilit…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.13, and includes bug fixes and enhancements.\n\nSee the Red Hat JBoss Enterprise Application Platform 7.4.14 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* undertow: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK (CVE-2023-39410)\n\n* guava: insecure temporary directory creation (CVE-2023-2976)\n\n* eap-galleon: custom provisioning creates unsecured http-invoker (CVE-2023-4503)\n\n* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)\n\n* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)\n\n* sshd-common: apache-mina-sshd: information exposure in SFTP server implementations (CVE-2023-35887)\n\nA Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:7638",
        "url": "https://access.redhat.com/errata/RHSA-2023:7638"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
        "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
      },
      {
        "category": "external",
        "summary": "2184751",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184751"
      },
      {
        "category": "external",
        "summary": "2215229",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
      },
      {
        "category": "external",
        "summary": "2236340",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340"
      },
      {
        "category": "external",
        "summary": "2236341",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341"
      },
      {
        "category": "external",
        "summary": "2240036",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240036"
      },
      {
        "category": "external",
        "summary": "2242521",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242521"
      },
      {
        "category": "external",
        "summary": "2242803",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
      },
      {
        "category": "external",
        "summary": "JBEAP-25004",
        "url": "https://issues.redhat.com/browse/JBEAP-25004"
      },
      {
        "category": "external",
        "summary": "JBEAP-25085",
        "url": "https://issues.redhat.com/browse/JBEAP-25085"
      },
      {
        "category": "external",
        "summary": "JBEAP-25086",
        "url": "https://issues.redhat.com/browse/JBEAP-25086"
      },
      {
        "category": "external",
        "summary": "JBEAP-25378",
        "url": "https://issues.redhat.com/browse/JBEAP-25378"
      },
      {
        "category": "external",
        "summary": "JBEAP-25380",
        "url": "https://issues.redhat.com/browse/JBEAP-25380"
      },
      {
        "category": "external",
        "summary": "JBEAP-25419",
        "url": "https://issues.redhat.com/browse/JBEAP-25419"
      },
      {
        "category": "external",
        "summary": "JBEAP-25451",
        "url": "https://issues.redhat.com/browse/JBEAP-25451"
      },
      {
        "category": "external",
        "summary": "JBEAP-25457",
        "url": "https://issues.redhat.com/browse/JBEAP-25457"
      },
      {
        "category": "external",
        "summary": "JBEAP-25541",
        "url": "https://issues.redhat.com/browse/JBEAP-25541"
      },
      {
        "category": "external",
        "summary": "JBEAP-25547",
        "url": "https://issues.redhat.com/browse/JBEAP-25547"
      },
      {
        "category": "external",
        "summary": "JBEAP-25576",
        "url": "https://issues.redhat.com/browse/JBEAP-25576"
      },
      {
        "category": "external",
        "summary": "JBEAP-25594",
        "url": "https://issues.redhat.com/browse/JBEAP-25594"
      },
      {
        "category": "external",
        "summary": "JBEAP-25627",
        "url": "https://issues.redhat.com/browse/JBEAP-25627"
      },
      {
        "category": "external",
        "summary": "JBEAP-25657",
        "url": "https://issues.redhat.com/browse/JBEAP-25657"
      },
      {
        "category": "external",
        "summary": "JBEAP-25685",
        "url": "https://issues.redhat.com/browse/JBEAP-25685"
      },
      {
        "category": "external",
        "summary": "JBEAP-25700",
        "url": "https://issues.redhat.com/browse/JBEAP-25700"
      },
      {
        "category": "external",
        "summary": "JBEAP-25716",
        "url": "https://issues.redhat.com/browse/JBEAP-25716"
      },
      {
        "category": "external",
        "summary": "JBEAP-25726",
        "url": "https://issues.redhat.com/browse/JBEAP-25726"
      },
      {
        "category": "external",
        "summary": "JBEAP-25772",
        "url": "https://issues.redhat.com/browse/JBEAP-25772"
      },
      {
        "category": "external",
        "summary": "JBEAP-25779",
        "url": "https://issues.redhat.com/browse/JBEAP-25779"
      },
      {
        "category": "external",
        "summary": "JBEAP-25803",
        "url": "https://issues.redhat.com/browse/JBEAP-25803"
      },
      {
        "category": "external",
        "summary": "JBEAP-25838",
        "url": "https://issues.redhat.com/browse/JBEAP-25838"
      },
      {
        "category": "external",
        "summary": "JBEAP-26041",
        "url": "https://issues.redhat.com/browse/JBEAP-26041"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7638.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 8 security update",
    "tracking": {
      "current_release_date": "2026-04-30T16:10:18+00:00",
      "generator": {
        "date": "2026-04-30T16:10:18+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.7"
        }
      },
      "id": "RHSA-2023:7638",
      "initial_release_date": "2023-12-04T18:02:31+00:00",
      "revision_history": [
        {
          "date": "2023-12-04T18:02:31+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-12-04T18:02:31+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-04-30T16:10:18+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss EAP 7.4 for RHEL 8",
                "product": {
                  "name": "Red Hat JBoss EAP 7.4 for RHEL 8",
                  "product_id": "8Base-JBEAP-7.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Enterprise Application Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
                  "product_id": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jandex@2.4.4-1.Final_redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
                  "product_id": "eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-avro@1.11.3-1.redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src",
                "product": {
                  "name": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src",
                  "product_id": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-yasson@1.0.11-4.redhat_00002.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
                  "product_id": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-infinispan@11.0.18-1.Final_redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
                  "product_id": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.16-1.Final_redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
                  "product_id": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jgroups@4.2.23-1.Final_redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
                  "product_id": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.20-1.Final_redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
                  "product_id": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.11-1.SP1_redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
                  "product_id": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.32-1.Final_redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
                  "product_id": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.14-1.SP1_redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
                  "product_id": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.9-1.Final_redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
                  "product_id": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-sshd@2.9.3-1.redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
                  "product_id": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.1-1.Final_redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
                  "product_id": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-undertow@2.2.28-1.SP1_redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
                "product": {
                  "name": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
                  "product_id": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-17.redhat_00051.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
                  "product_id": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-guava-libraries@32.1.1-2.jre_redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
                "product": {
                  "name": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
                  "product_id": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-weld-core@3.1.10-2.Final_redhat_00001.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
                "product": {
                  "name": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
                  "product_id": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-33.Final_redhat_00032.1.el8eap?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
                "product": {
                  "name": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
                  "product_id": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.14-5.GA_redhat_00002.1.el8eap?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jandex@2.4.4-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-avro@1.11.3-1.redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
                "product": {
                  "name": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
                  "product_id": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-yasson@1.0.11-4.redhat_00002.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-infinispan@11.0.18-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@11.0.18-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@11.0.18-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@11.0.18-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-infinispan-commons@11.0.18-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-infinispan-component-annotations@11.0.18-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-infinispan-core@11.0.18-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@11.0.18-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@11.0.18-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@11.0.18-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-transaction-client@1.1.16-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jgroups@4.2.23-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hal-console@3.3.20-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-xnio-base@3.8.11-1.SP1_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.32-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.32-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.32-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.32-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.32-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.14-1.SP1_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-marshalling-river@2.0.14-1.SP1_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.9-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-apache-sshd@2.9.3-1.redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-jsp-api_2.3_spec@2.0.1-1.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-undertow@2.2.28-1.SP1_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-17.redhat_00051.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-17.redhat_00051.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-17.redhat_00051.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-17.redhat_00051.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-17.redhat_00051.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-17.redhat_00051.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-17.redhat_00051.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-17.redhat_00051.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-17.redhat_00051.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-17.redhat_00051.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-17.redhat_00051.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-17.redhat_00051.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-17.redhat_00051.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-17.redhat_00051.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-17.redhat_00051.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                "product": {
                  "name": "eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                  "product_id": "eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-17.redhat_00051.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-guava@32.1.1-2.jre_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-guava-libraries@32.1.1-2.jre_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-weld-core@3.1.10-2.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-weld-core-impl@3.1.10-2.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-weld-core-jsf@3.1.10-2.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-weld-ejb@3.1.10-2.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-weld-jta@3.1.10-2.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-weld-probe-core@3.1.10-2.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
                "product": {
                  "name": "eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
                  "product_id": "eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-weld-web@3.1.10-2.Final_redhat_00001.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
                  "product_id": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-33.Final_redhat_00032.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
                  "product_id": "eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-33.Final_redhat_00032.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
                "product": {
                  "name": "eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
                  "product_id": "eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-33.Final_redhat_00032.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
                "product": {
                  "name": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
                  "product_id": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.14-5.GA_redhat_00002.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
                "product": {
                  "name": "eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
                  "product_id": "eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.14-5.GA_redhat_00002.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
                "product": {
                  "name": "eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
                  "product_id": "eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk17@7.4.14-5.GA_redhat_00002.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
                "product": {
                  "name": "eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
                  "product_id": "eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.14-5.GA_redhat_00002.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
                "product": {
                  "name": "eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
                  "product_id": "eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.14-5.GA_redhat_00002.1.el8eap?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
                "product": {
                  "name": "eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
                  "product_id": "eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.14-5.GA_redhat_00002.1.el8eap?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src"
        },
        "product_reference": "eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch"
        },
        "product_reference": "eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src"
        },
        "product_reference": "eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch"
        },
        "product_reference": "eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch"
        },
        "product_reference": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src"
        },
        "product_reference": "eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch"
        },
        "product_reference": "eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch"
        },
        "product_reference": "eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch"
        },
        "product_reference": "eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch"
        },
        "product_reference": "eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch"
        },
        "product_reference": "eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch"
        },
        "product_reference": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src"
        },
        "product_reference": "eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch"
        },
        "product_reference": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
          "product_id": "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
        },
        "product_reference": "eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src",
        "relates_to_product_reference": "8Base-JBEAP-7.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-2976",
      "cwe": {
        "id": "CWE-552",
        "name": "Files or Directories Accessible to External Parties"
      },
      "discovery_date": "2023-06-15T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2215229"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "guava: insecure temporary directory creation",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Single Sign-On 7 ships the affected component as a layered product of Red Hat JBoss Enterprise Application 7, and as such is affected by this flaw. However, Single Sign-On 7 does not use the affected code and is not vulnerable to exploit.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src"
        ],
        "known_not_affected": [
          "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-2976"
        },
        {
          "category": "external",
          "summary": "RHBZ#2215229",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-2976",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
        }
      ],
      "release_date": "2023-06-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-12-04T18:02:31+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7638"
        },
        {
          "category": "workaround",
          "details": "Temp files should be created with sufficiently non-predictable names and in a secure-permissioned, dedicated temp folder.",
          "product_ids": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "guava: insecure temporary directory creation"
    },
    {
      "cve": "CVE-2023-4503",
      "cwe": {
        "id": "CWE-665",
        "name": "Improper Initialization"
      },
      "discovery_date": "2022-11-22T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2184751"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "eap-galleon: custom provisioning creates unsecured http-invoker",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch"
        ],
        "known_not_affected": [
          "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-4503"
        },
        {
          "category": "external",
          "summary": "RHBZ#2184751",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184751"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-4503",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-4503"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4503",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4503"
        }
      ],
      "release_date": "2023-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-12-04T18:02:31+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7638"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "eap-galleon: custom provisioning creates unsecured http-invoker"
    },
    {
      "cve": "CVE-2023-5685",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2023-10-02T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2241822"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "xnio: StackOverflowException when the chain of notifier states becomes problematically big",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat rates this vulnerability as an Important impact as the uncontrolled resource consumption may lead to Denial of Service (DoS). This might be intentioned by an attacker who is looking to jeopardize an environment.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src"
        ],
        "known_not_affected": [
          "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-5685"
        },
        {
          "category": "external",
          "summary": "RHBZ#2241822",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241822"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-5685",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-5685"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5685",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5685"
        }
      ],
      "release_date": "2024-03-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-12-04T18:02:31+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7638"
        },
        {
          "category": "workaround",
          "details": "There is currently no mitigation available for this vulnerability. Please keep the packages up-to-date as the updates become available.",
          "product_ids": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "xnio: StackOverflowException when the chain of notifier states becomes problematically big"
    },
    {
      "cve": "CVE-2023-26048",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2023-08-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2236340"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable state.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-26048"
        },
        {
          "category": "external",
          "summary": "RHBZ#2236340",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26048",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-26048"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048"
        },
        {
          "category": "external",
          "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8",
          "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8"
        }
      ],
      "release_date": "2023-04-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-12-04T18:02:31+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7638"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()"
    },
    {
      "cve": "CVE-2023-26049",
      "cwe": {
        "id": "CWE-1286",
        "name": "Improper Validation of Syntactic Correctness of Input"
      },
      "discovery_date": "2023-08-30T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2236341"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src"
        ],
        "known_not_affected": [
          "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-26049"
        },
        {
          "category": "external",
          "summary": "RHBZ#2236341",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26049",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049"
        },
        {
          "category": "external",
          "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c",
          "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c"
        }
      ],
      "release_date": "2023-04-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-12-04T18:02:31+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7638"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies"
    },
    {
      "cve": "CVE-2023-35887",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2023-09-21T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2240036"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache Mina SSHD that could be exploited on certain SFTP servers implemented using the Apache Mina RootedFileSystem. This issue could permit authenticated users to view information outside of their permissions scope.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "apache-mina-sshd: information exposure in SFTP server implementations",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch"
        ],
        "known_not_affected": [
          "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-35887"
        },
        {
          "category": "external",
          "summary": "RHBZ#2240036",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240036"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-35887",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-35887"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-35887",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35887"
        }
      ],
      "release_date": "2023-07-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-12-04T18:02:31+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7638"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "apache-mina-sshd: information exposure in SFTP server implementations"
    },
    {
      "cve": "CVE-2023-39410",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2023-10-06T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2242521"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in apache-avro. When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints, leading to an out-of-memory error and a denial of service on the system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src"
        ],
        "known_not_affected": [
          "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-39410"
        },
        {
          "category": "external",
          "summary": "RHBZ#2242521",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242521"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-39410",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39410",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39410"
        },
        {
          "category": "external",
          "summary": "https://issues.apache.org/jira/browse/AVRO-3819",
          "url": "https://issues.apache.org/jira/browse/AVRO-3819"
        }
      ],
      "release_date": "2023-09-29T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-12-04T18:02:31+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7638"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK"
    },
    {
      "cve": "CVE-2023-44487",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2023-10-09T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2242803"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src"
        ],
        "known_not_affected": [
          "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
          "8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
          "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-44487"
        },
        {
          "category": "external",
          "summary": "RHBZ#2242803",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
        },
        {
          "category": "external",
          "summary": "RHSB-2023-003",
          "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
        },
        {
          "category": "external",
          "summary": "https://github.com/dotnet/announcements/issues/277",
          "url": "https://github.com/dotnet/announcements/issues/277"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2023-2102",
          "url": "https://pkg.go.dev/vuln/GO-2023-2102"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
          "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
        },
        {
          "category": "external",
          "summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
          "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2023-10-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-12-04T18:02:31+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7638"
        },
        {
          "category": "workaround",
          "details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n     a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n     b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n     c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n     d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n     e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
          "product_ids": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-17.redhat_00051.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-17.redhat_00051.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-apache-sshd-0:2.9.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-avro-0:1.11.3-1.redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-guava-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-guava-libraries-0:32.1.1-2.jre_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.20-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-0:5.3.32-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-hibernate-core-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-entitymanager-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-envers-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-hibernate-java8-0:5.3.32-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-0:11.0.18-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-infinispan-cachestore-jdbc-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-cachestore-remote-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-client-hotrod-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-component-annotations-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-core-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-commons-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-spi-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-infinispan-hibernate-cache-v53-0:11.0.18-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jandex-0:2.4.4-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-jsp-api_2.3_spec-0:2.0.1-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-0:2.0.14-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-marshalling-river-0:2.0.14-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-33.Final_redhat_00032.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-33.Final_redhat_00032.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jboss-xnio-base-0:3.8.11-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.9-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-jgroups-0:4.2.23-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-undertow-0:2.2.28-1.SP1_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-weld-core-impl-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-core-jsf-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-ejb-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-jta-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-probe-core-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-weld-web-0:3.1.10-2.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.14-5.GA_redhat_00002.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.14-5.GA_redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-wildfly-transaction-client-0:1.1.16-1.Final_redhat_00001.1.el8eap.src",
            "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.noarch",
            "8Base-JBEAP-7.4:eap7-yasson-0:1.0.11-4.redhat_00002.1.el8eap.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2023-10-10T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-35887 (GCVE-0-2023-35887)

Solutions

Tags

Sightings

Nomenclature