Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-2901 (GCVE-0-2025-2901)
Vulnerability from cvelistv5
This vulnerability is redundant to CVE-2025-23366 and CVE-2024-10234.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2025-06-20T11:50:40.917Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"rejectedReasons": [
{
"lang": "en",
"value": "This vulnerability is redundant to CVE-2025-23366 and CVE-2024-10234."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-2901",
"datePublished": "2025-03-28T14:06:58.940Z",
"dateRejected": "2025-06-20T11:50:40.917Z",
"dateReserved": "2025-03-28T06:08:55.376Z",
"dateUpdated": "2025-06-20T11:50:40.917Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-2901\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2025-03-28T14:15:22.020\",\"lastModified\":\"2025-06-20T12:15:21.010\",\"vulnStatus\":\"Rejected\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Rejected reason: This vulnerability is redundant to CVE-2025-23366 and CVE-2024-10234.\"}],\"metrics\":{},\"references\":[]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"rejectedReasons\": [{\"lang\": \"en\", \"value\": \"This vulnerability is redundant to CVE-2025-23366 and CVE-2024-10234.\"}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2025-06-20T11:50:40.917Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-2901\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"state\": \"REJECTED\", \"assignerShortName\": \"redhat\", \"dateReserved\": \"2025-03-28T06:08:55.376Z\", \"datePublished\": \"2025-03-28T14:06:58.940Z\", \"dateUpdated\": \"2025-06-20T11:50:40.917Z\", \"dateRejected\": \"2025-06-20T11:50:40.917Z\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
rhsa-2025:10459
Vulnerability from csaf_redhat
Published
2025-07-07 13:35
Modified
2025-09-10 15:31
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.8 Security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.0.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 8.0.8 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* org.jboss.hal-hal-parent: base-x homograph attack allows Unicode lookalike characters to bypass validation. [eap-8.0.z] (CVE-2025-27611)
* org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-8.0.z] (CVE-2025-2901)
* wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-8.0.z] (CVE-2025-2251)
* org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-8.0.z] (CVE-2025-23184)
* commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-8.0.z] (CVE-2025-48734)
* commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-8.0.z] (CVE-2025-48734)
* org.jboss.eap-jboss-eap-xp: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-8.0.z] (CVE-2025-48734)
* commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-8.0.z] (CVE-2025-48734)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.0.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 8.0.8 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* org.jboss.hal-hal-parent: base-x homograph attack allows Unicode lookalike characters to bypass validation. [eap-8.0.z] (CVE-2025-27611)\n\n* org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-8.0.z] (CVE-2025-2901)\n\n* wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-8.0.z] (CVE-2025-2251)\n\n* org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-8.0.z] (CVE-2025-23184)\n\n* commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-8.0.z] (CVE-2025-48734)\n\n* commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-8.0.z] (CVE-2025-48734)\n\n* org.jboss.eap-jboss-eap-xp: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-8.0.z] (CVE-2025-48734)\n\n* commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-8.0.z] (CVE-2025-48734)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:10459",
"url": "https://access.redhat.com/errata/RHSA-2025:10459"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.0",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.0"
},
{
"category": "external",
"summary": "https://access.redhat.com/articles/7120566",
"url": "https://access.redhat.com/articles/7120566"
},
{
"category": "external",
"summary": "2339095",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339095"
},
{
"category": "external",
"summary": "2351678",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351678"
},
{
"category": "external",
"summary": "2355685",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355685"
},
{
"category": "external",
"summary": "2363176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363176"
},
{
"category": "external",
"summary": "2368956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
},
{
"category": "external",
"summary": "JBEAP-28866",
"url": "https://issues.redhat.com/browse/JBEAP-28866"
},
{
"category": "external",
"summary": "JBEAP-28992",
"url": "https://issues.redhat.com/browse/JBEAP-28992"
},
{
"category": "external",
"summary": "JBEAP-29257",
"url": "https://issues.redhat.com/browse/JBEAP-29257"
},
{
"category": "external",
"summary": "JBEAP-29530",
"url": "https://issues.redhat.com/browse/JBEAP-29530"
},
{
"category": "external",
"summary": "JBEAP-29679",
"url": "https://issues.redhat.com/browse/JBEAP-29679"
},
{
"category": "external",
"summary": "JBEAP-29691",
"url": "https://issues.redhat.com/browse/JBEAP-29691"
},
{
"category": "external",
"summary": "JBEAP-29692",
"url": "https://issues.redhat.com/browse/JBEAP-29692"
},
{
"category": "external",
"summary": "JBEAP-29806",
"url": "https://issues.redhat.com/browse/JBEAP-29806"
},
{
"category": "external",
"summary": "JBEAP-29863",
"url": "https://issues.redhat.com/browse/JBEAP-29863"
},
{
"category": "external",
"summary": "JBEAP-29867",
"url": "https://issues.redhat.com/browse/JBEAP-29867"
},
{
"category": "external",
"summary": "JBEAP-29984",
"url": "https://issues.redhat.com/browse/JBEAP-29984"
},
{
"category": "external",
"summary": "JBEAP-29999",
"url": "https://issues.redhat.com/browse/JBEAP-29999"
},
{
"category": "external",
"summary": "JBEAP-30087",
"url": "https://issues.redhat.com/browse/JBEAP-30087"
},
{
"category": "external",
"summary": "JBEAP-30151",
"url": "https://issues.redhat.com/browse/JBEAP-30151"
},
{
"category": "external",
"summary": "JBEAP-30157",
"url": "https://issues.redhat.com/browse/JBEAP-30157"
},
{
"category": "external",
"summary": "JBEAP-30263",
"url": "https://issues.redhat.com/browse/JBEAP-30263"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_10459.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.8 Security update",
"tracking": {
"current_release_date": "2025-09-10T15:31:45+00:00",
"generator": {
"date": "2025-09-10T15:31:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.7"
}
},
"id": "RHSA-2025:10459",
"initial_release_date": "2025-07-07T13:35:06+00:00",
"revision_history": [
{
"date": "2025-07-07T13:35:06+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-07-07T13:35:06+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-10T15:31:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 8.0.8",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 8.0.8",
"product_id": "Red Hat JBoss Enterprise Application Platform 8.0.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Pupi1"
]
}
],
"cve": "CVE-2025-2251",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2025-03-12T13:33:14.782000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2351678"
}
],
"notes": [
{
"category": "description",
"text": "A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 8.0.8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-2251"
},
{
"category": "external",
"summary": "RHBZ#2351678",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351678"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-2251",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2251"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-2251",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2251"
}
],
"release_date": "2025-04-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-07T13:35:06+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 8.0.8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10459"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 8.0.8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution"
},
{
"acknowledgments": [
{
"names": [
"\u0141ukasz Rupala"
],
"organization": "ING Hubs Poland"
}
],
"cve": "CVE-2025-2901",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2025-03-28T06:08:36.048000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2355685"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the JBoss EAP Management Console, where a stored Cross-site scripting vulnerability occurs when an application improperly sanitizes user input before storing it in a data store. When this stored data is later included in web pages without adequate sanitization, malicious scripts can execute in the context of users who view these pages, leading to potential data theft, session hijacking, or other malicious activities.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 8.0.8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-2901"
},
{
"category": "external",
"summary": "RHBZ#2355685",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355685"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-2901",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2901"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-2901",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2901"
}
],
"release_date": "2025-03-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-07T13:35:06+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 8.0.8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10459"
},
{
"category": "workaround",
"details": "Currently, no mitigation is available for this vulnerability.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 8.0.8"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 8.0.8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console"
},
{
"cve": "CVE-2025-23184",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-01-21T10:00:44.959656+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339095"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache CXF. In some edge cases with large data stream caching, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system and trigger a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 8.0.8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23184"
},
{
"category": "external",
"summary": "RHBZ#2339095",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339095"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23184"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23184",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23184"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122",
"url": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122"
}
],
"release_date": "2025-01-21T09:35:37.468000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-07T13:35:06+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 8.0.8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10459"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 8.0.8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files"
},
{
"cve": "CVE-2025-27611",
"cwe": {
"id": "CWE-1007",
"name": "Insufficient Visual Distinction of Homoglyphs Presented to User"
},
"discovery_date": "2025-04-30T20:00:45.852222+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2363176"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in base-x. This vulnerability allows attackers to generate addresses that appear legitimate, tricking users into sending money to them instead of the intended ones. The problem arises from the way base-x compresses leading zeros in addresses via manipulation of the base encoding mechanism.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "base-x: base-x homograph attack allows Unicode lookalike characters to bypass validation.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in base-x is Important because it affects the encoding and decoding of addresses in blockchain transactions. The flaw arises from mishandling of leading zero compression, enabling attackers to craft malicious encodings that deceive systems or users into misdirecting funds. As blockchain transactions are final and cannot be reversed, even a single instance of this exploit can result in permanent financial loss, making this a serious security concern beyond a Moderate issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 8.0.8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-27611"
},
{
"category": "external",
"summary": "RHBZ#2363176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363176"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-27611",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27611"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-27611",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27611"
},
{
"category": "external",
"summary": "https://github.com/cryptocoinjs/base-x/pull/86",
"url": "https://github.com/cryptocoinjs/base-x/pull/86"
},
{
"category": "external",
"summary": "https://github.com/cryptocoinjs/base-x/security/advisories/GHSA-xq7p-g2vc-g82p",
"url": "https://github.com/cryptocoinjs/base-x/security/advisories/GHSA-xq7p-g2vc-g82p"
}
],
"release_date": "2025-04-30T19:36:57.356000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-07T13:35:06+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 8.0.8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10459"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 8.0.8"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 8.0.8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "base-x: base-x homograph attack allows Unicode lookalike characters to bypass validation."
},
{
"cve": "CVE-2025-48734",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2025-05-28T14:00:56.619771+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2368956"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like getProperty() or getNestedProperty().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as important severity because a flaw exists in Apache Commons BeanUtils, where PropertyUtilsBean and BeanUtilsBean allow uncontrolled access to the declaredClass property of Java enum objects. Applications that pass untrusted property paths directly to getProperty() or getNestedProperty() methods are at risk, as attackers can exploit this behavior to retrieve the ClassLoader instance and execute arbitrary code in the context of the affected application. This issue leads to compromise of confidentiality, integrity, and availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 8.0.8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48734"
},
{
"category": "external",
"summary": "RHBZ#2368956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9",
"url": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9"
},
{
"category": "external",
"summary": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc",
"url": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9",
"url": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/05/28/6",
"url": "https://www.openwall.com/lists/oss-security/2025/05/28/6"
}
],
"release_date": "2025-05-28T13:32:08.300000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-07T13:35:06+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 8.0.8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10459"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 8.0.8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default"
}
]
}
rhsa-2025:10924
Vulnerability from csaf_redhat
Published
2025-07-14 15:56
Modified
2025-09-12 20:03
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.23 Security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.23 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.22, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.23 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-7.4.z] (CVE-2025-48734)
* commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-7.4.z] (CVE-2025-48734)
* commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-7.4.z] (CVE-2025-48734)
* hibernate-validator: Hibernate Validator Expression Language Injection [eap-7.4.z] (CVE-2025-35036)
* org.wildfly.core/wildfly-core-management-subsystem: Wildfly vulnerable to Cross-Site Scripting (XSS) [eap-7.4.z] (CVE-2024-10234)
* org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-7.4.z] (CVE-2025-23184)
* org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-7.4.z] (CVE-2025-2901)
* wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-7.4.z] (CVE-2025-2251)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.23 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.22, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.23 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-7.4.z] (CVE-2025-48734)\n\n* commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-7.4.z] (CVE-2025-48734)\n\n* commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-7.4.z] (CVE-2025-48734)\n\n* hibernate-validator: Hibernate Validator Expression Language Injection [eap-7.4.z] (CVE-2025-35036)\n\n* org.wildfly.core/wildfly-core-management-subsystem: Wildfly vulnerable to Cross-Site Scripting (XSS) [eap-7.4.z] (CVE-2024-10234)\n\n* org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-7.4.z] (CVE-2025-23184)\n\n* org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-7.4.z] (CVE-2025-2901)\n\n* wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-7.4.z] (CVE-2025-2251)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:10924",
"url": "https://access.redhat.com/errata/RHSA-2025:10924"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index"
},
{
"category": "external",
"summary": "2320848",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320848"
},
{
"category": "external",
"summary": "2339095",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339095"
},
{
"category": "external",
"summary": "2351678",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351678"
},
{
"category": "external",
"summary": "2355685",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355685"
},
{
"category": "external",
"summary": "2368956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
},
{
"category": "external",
"summary": "2370118",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370118"
},
{
"category": "external",
"summary": "JBEAP-28676",
"url": "https://issues.redhat.com/browse/JBEAP-28676"
},
{
"category": "external",
"summary": "JBEAP-28905",
"url": "https://issues.redhat.com/browse/JBEAP-28905"
},
{
"category": "external",
"summary": "JBEAP-29217",
"url": "https://issues.redhat.com/browse/JBEAP-29217"
},
{
"category": "external",
"summary": "JBEAP-29440",
"url": "https://issues.redhat.com/browse/JBEAP-29440"
},
{
"category": "external",
"summary": "JBEAP-29815",
"url": "https://issues.redhat.com/browse/JBEAP-29815"
},
{
"category": "external",
"summary": "JBEAP-29862",
"url": "https://issues.redhat.com/browse/JBEAP-29862"
},
{
"category": "external",
"summary": "JBEAP-29866",
"url": "https://issues.redhat.com/browse/JBEAP-29866"
},
{
"category": "external",
"summary": "JBEAP-29914",
"url": "https://issues.redhat.com/browse/JBEAP-29914"
},
{
"category": "external",
"summary": "JBEAP-29969",
"url": "https://issues.redhat.com/browse/JBEAP-29969"
},
{
"category": "external",
"summary": "JBEAP-30031",
"url": "https://issues.redhat.com/browse/JBEAP-30031"
},
{
"category": "external",
"summary": "JBEAP-30059",
"url": "https://issues.redhat.com/browse/JBEAP-30059"
},
{
"category": "external",
"summary": "JBEAP-30264",
"url": "https://issues.redhat.com/browse/JBEAP-30264"
},
{
"category": "external",
"summary": "JBEAP-30359",
"url": "https://issues.redhat.com/browse/JBEAP-30359"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_10924.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.23 Security update",
"tracking": {
"current_release_date": "2025-09-12T20:03:55+00:00",
"generator": {
"date": "2025-09-12T20:03:55+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.7"
}
},
"id": "RHSA-2025:10924",
"initial_release_date": "2025-07-14T15:56:17+00:00",
"revision_history": [
{
"date": "2025-07-14T15:56:17+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-07-14T15:56:17+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-12T20:03:55+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
"product_id": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.14-9.SP10_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-elytron-web@1.9.6-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.26-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.27-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
"product": {
"name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
"product_id": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-artemis-native@1.0.2-5.redhat_00004.1.el7eap?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.15-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
"product_id": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.5.10-1.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.21-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
"product_id": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-42.Final_redhat_00042.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
"product": {
"name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
"product_id": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-21.redhat_00055.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
"product_id": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-3.SP2_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
"product": {
"name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
"product_id": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.23-3.GA_redhat_00002.1.el7eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.14-9.SP10_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-server@1.9.6-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.26-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.26-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.27-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.15-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.5.10-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.5.10-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.5.10-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.5.10-1.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.21-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.5.21-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.5.21-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.5.21-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.5.21-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.5.21-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.5.21-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.5.21-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.5.21-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-42.Final_redhat_00042.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-42.Final_redhat_00042.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-42.Final_redhat_00042.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product": {
"name": "eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product_id": "eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-21.redhat_00055.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-3.SP2_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.23-3.SP2_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.23-3.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.23-3.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.23-3.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.23-3.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.23-3.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"product": {
"name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"product_id": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-artemis-native@1.0.2-5.redhat_00004.1.el7eap?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"product": {
"name": "eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"product_id": "eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-artemis-native-wildfly@1.0.2-5.redhat_00004.1.el7eap?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"product": {
"name": "eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"product_id": "eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-artemis-native-debuginfo@1.0.2-5.redhat_00004.1.el7eap?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src"
},
"product_reference": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch"
},
"product_reference": "eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src"
},
"product_reference": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64"
},
"product_reference": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64"
},
"product_reference": "eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64"
},
"product_reference": "eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src"
},
"product_reference": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-10234",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-10-22T01:46:48.739000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2320848"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: Wildfly vulnerable to Cross-Site Scripting (XSS)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-10234"
},
{
"category": "external",
"summary": "RHBZ#2320848",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320848"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-10234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10234"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-10234",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10234"
}
],
"release_date": "2024-10-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-14T15:56:17+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10924"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: Wildfly vulnerable to Cross-Site Scripting (XSS)"
},
{
"acknowledgments": [
{
"names": [
"Pupi1"
]
}
],
"cve": "CVE-2025-2251",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2025-03-12T13:33:14.782000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2351678"
}
],
"notes": [
{
"category": "description",
"text": "A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-2251"
},
{
"category": "external",
"summary": "RHBZ#2351678",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351678"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-2251",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2251"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-2251",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2251"
}
],
"release_date": "2025-04-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-14T15:56:17+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10924"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution"
},
{
"acknowledgments": [
{
"names": [
"\u0141ukasz Rupala"
],
"organization": "ING Hubs Poland"
}
],
"cve": "CVE-2025-2901",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2025-03-28T06:08:36.048000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2355685"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the JBoss EAP Management Console, where a stored Cross-site scripting vulnerability occurs when an application improperly sanitizes user input before storing it in a data store. When this stored data is later included in web pages without adequate sanitization, malicious scripts can execute in the context of users who view these pages, leading to potential data theft, session hijacking, or other malicious activities.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-2901"
},
{
"category": "external",
"summary": "RHBZ#2355685",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355685"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-2901",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2901"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-2901",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2901"
}
],
"release_date": "2025-03-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-14T15:56:17+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10924"
},
{
"category": "workaround",
"details": "Currently, no mitigation is available for this vulnerability.",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console"
},
{
"cve": "CVE-2025-23184",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-01-21T10:00:44.959656+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339095"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache CXF. In some edge cases with large data stream caching, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system and trigger a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23184"
},
{
"category": "external",
"summary": "RHBZ#2339095",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339095"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23184"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23184",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23184"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122",
"url": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122"
}
],
"release_date": "2025-01-21T09:35:37.468000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-14T15:56:17+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10924"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files"
},
{
"cve": "CVE-2025-35036",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2025-06-03T20:00:52.377542+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370118"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hibernate Validator. This vulnerability allows unauthorized access to sensitive information or the execution of arbitrary Java code by interpolating user-supplied input in a constraint violation message with an Expression Language.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate-validator: Hibernate Validator Expression Language Injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Important rather than Moderate because it enables Expression Language (EL) injection through user-supplied input embedded in validation messages \u2014 effectively escalating a benign validation failure into a potential Remote Code Execution (RCE) vector. In environments where EL expressions have access to application internals, attackers can craft payloads that access sensitive Java objects, invoke arbitrary methods, or manipulate server-side logic. The fact that this behavior is triggered by the default configuration \u2014 without any explicit developer error \u2014 further amplifies the risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-35036"
},
{
"category": "external",
"summary": "RHBZ#2370118",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370118"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-35036",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-35036"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-35036",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-35036"
},
{
"category": "external",
"summary": "https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext",
"url": "https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext"
},
{
"category": "external",
"summary": "https://github.com/hibernate/hibernate-validator/commit/05f795bb7cf18856004f40e5042709e550ed0d6e",
"url": "https://github.com/hibernate/hibernate-validator/commit/05f795bb7cf18856004f40e5042709e550ed0d6e"
},
{
"category": "external",
"summary": "https://github.com/hibernate/hibernate-validator/commit/254858d9dcc4e7cd775d1b0f47f482218077c5e1",
"url": "https://github.com/hibernate/hibernate-validator/commit/254858d9dcc4e7cd775d1b0f47f482218077c5e1"
},
{
"category": "external",
"summary": "https://github.com/hibernate/hibernate-validator/commit/d2db40b9e7d22c7a0b44d7665242dfc7b4d14d78",
"url": "https://github.com/hibernate/hibernate-validator/commit/d2db40b9e7d22c7a0b44d7665242dfc7b4d14d78"
},
{
"category": "external",
"summary": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893",
"url": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"category": "external",
"summary": "https://github.com/hibernate/hibernate-validator/compare/6.1.7.Final...6.2.0.Final",
"url": "https://github.com/hibernate/hibernate-validator/compare/6.1.7.Final...6.2.0.Final"
},
{
"category": "external",
"summary": "https://github.com/hibernate/hibernate-validator/pull/1138",
"url": "https://github.com/hibernate/hibernate-validator/pull/1138"
},
{
"category": "external",
"summary": "https://hibernate.atlassian.net/browse/HV-1816",
"url": "https://hibernate.atlassian.net/browse/HV-1816"
},
{
"category": "external",
"summary": "https://hibernate.org/validator/documentation/migration-guide/#6-2-0-cr1",
"url": "https://hibernate.org/validator/documentation/migration-guide/#6-2-0-cr1"
},
{
"category": "external",
"summary": "https://in.relation.to/2021/01/06/hibernate-validator-700-62-final-released/#expression-language",
"url": "https://in.relation.to/2021/01/06/hibernate-validator-700-62-final-released/#expression-language"
},
{
"category": "external",
"summary": "https://labs.watchtowr.com/expression-payloads-meet-mayhem-cve-2025-4427-and-cve-2025-4428/",
"url": "https://labs.watchtowr.com/expression-payloads-meet-mayhem-cve-2025-4427-and-cve-2025-4428/"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-5245",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5245"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4428"
}
],
"release_date": "2025-06-03T19:27:42.900000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-14T15:56:17+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10924"
},
{
"category": "workaround",
"details": "Users who are unable to upgrade should manually disable Expression Language interpolation to prevent EL injection. If disabling is not feasible, carefully sanitize and validate any dynamic input before inclusion.",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "hibernate-validator: Hibernate Validator Expression Language Injection"
},
{
"cve": "CVE-2025-48734",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2025-05-28T14:00:56.619771+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2368956"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like getProperty() or getNestedProperty().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as important severity because a flaw exists in Apache Commons BeanUtils, where PropertyUtilsBean and BeanUtilsBean allow uncontrolled access to the declaredClass property of Java enum objects. Applications that pass untrusted property paths directly to getProperty() or getNestedProperty() methods are at risk, as attackers can exploit this behavior to retrieve the ClassLoader instance and execute arbitrary code in the context of the affected application. This issue leads to compromise of confidentiality, integrity, and availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48734"
},
{
"category": "external",
"summary": "RHBZ#2368956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9",
"url": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9"
},
{
"category": "external",
"summary": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc",
"url": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9",
"url": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/05/28/6",
"url": "https://www.openwall.com/lists/oss-security/2025/05/28/6"
}
],
"release_date": "2025-05-28T13:32:08.300000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-14T15:56:17+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10924"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-artemis-native-debuginfo-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el7eap.x86_64",
"7Server-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default"
}
]
}
rhsa-2025:10453
Vulnerability from csaf_redhat
Published
2025-07-07 13:27
Modified
2025-09-10 15:31
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.8 Security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0 for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.0.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 8.0.8 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* org.jboss.hal-hal-parent: base-x homograph attack allows Unicode lookalike characters to bypass validation. [eap-8.0.z] (CVE-2025-27611)
* org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-8.0.z] (CVE-2025-2901)
* wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-8.0.z] (CVE-2025-2251)
* org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-8.0.z] (CVE-2025-23184)
* commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-8.0.z] (CVE-2025-48734)
* commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-8.0.z] (CVE-2025-48734)
* org.jboss.eap-jboss-eap-xp: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-8.0.z] (CVE-2025-48734)
* commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-8.0.z] (CVE-2025-48734)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0 for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.0.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 8.0.8 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* org.jboss.hal-hal-parent: base-x homograph attack allows Unicode lookalike characters to bypass validation. [eap-8.0.z] (CVE-2025-27611)\n\n* org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-8.0.z] (CVE-2025-2901)\n\n* wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-8.0.z] (CVE-2025-2251)\n\n* org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-8.0.z] (CVE-2025-23184)\n\n* commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-8.0.z] (CVE-2025-48734)\n\n* commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-8.0.z] (CVE-2025-48734)\n\n* org.jboss.eap-jboss-eap-xp: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-8.0.z] (CVE-2025-48734)\n\n* commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-8.0.z] (CVE-2025-48734)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:10453",
"url": "https://access.redhat.com/errata/RHSA-2025:10453"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.0",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.0"
},
{
"category": "external",
"summary": "https://access.redhat.com/articles/7120566",
"url": "https://access.redhat.com/articles/7120566"
},
{
"category": "external",
"summary": "2339095",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339095"
},
{
"category": "external",
"summary": "2351678",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351678"
},
{
"category": "external",
"summary": "2355685",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355685"
},
{
"category": "external",
"summary": "2363176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363176"
},
{
"category": "external",
"summary": "2368956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
},
{
"category": "external",
"summary": "JBEAP-28866",
"url": "https://issues.redhat.com/browse/JBEAP-28866"
},
{
"category": "external",
"summary": "JBEAP-28992",
"url": "https://issues.redhat.com/browse/JBEAP-28992"
},
{
"category": "external",
"summary": "JBEAP-29253",
"url": "https://issues.redhat.com/browse/JBEAP-29253"
},
{
"category": "external",
"summary": "JBEAP-29257",
"url": "https://issues.redhat.com/browse/JBEAP-29257"
},
{
"category": "external",
"summary": "JBEAP-29530",
"url": "https://issues.redhat.com/browse/JBEAP-29530"
},
{
"category": "external",
"summary": "JBEAP-29679",
"url": "https://issues.redhat.com/browse/JBEAP-29679"
},
{
"category": "external",
"summary": "JBEAP-29691",
"url": "https://issues.redhat.com/browse/JBEAP-29691"
},
{
"category": "external",
"summary": "JBEAP-29692",
"url": "https://issues.redhat.com/browse/JBEAP-29692"
},
{
"category": "external",
"summary": "JBEAP-29806",
"url": "https://issues.redhat.com/browse/JBEAP-29806"
},
{
"category": "external",
"summary": "JBEAP-29863",
"url": "https://issues.redhat.com/browse/JBEAP-29863"
},
{
"category": "external",
"summary": "JBEAP-29867",
"url": "https://issues.redhat.com/browse/JBEAP-29867"
},
{
"category": "external",
"summary": "JBEAP-29984",
"url": "https://issues.redhat.com/browse/JBEAP-29984"
},
{
"category": "external",
"summary": "JBEAP-29999",
"url": "https://issues.redhat.com/browse/JBEAP-29999"
},
{
"category": "external",
"summary": "JBEAP-30087",
"url": "https://issues.redhat.com/browse/JBEAP-30087"
},
{
"category": "external",
"summary": "JBEAP-30151",
"url": "https://issues.redhat.com/browse/JBEAP-30151"
},
{
"category": "external",
"summary": "JBEAP-30157",
"url": "https://issues.redhat.com/browse/JBEAP-30157"
},
{
"category": "external",
"summary": "JBEAP-30263",
"url": "https://issues.redhat.com/browse/JBEAP-30263"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_10453.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.8 Security update",
"tracking": {
"current_release_date": "2025-09-10T15:31:44+00:00",
"generator": {
"date": "2025-09-10T15:31:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.7"
}
},
"id": "RHSA-2025:10453",
"initial_release_date": "2025-07-07T13:27:47+00:00",
"revision_history": [
{
"date": "2025-07-07T13:27:47+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-07-07T13:27:47+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-10T15:31:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 8.0 for RHEL 9",
"product": {
"name": "Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jboss-remoting@5.0.31-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-elytron-web@4.0.3-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-elytron@2.2.11-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate@6.2.36-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
"product_id": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-fastinfoset@2.1.1-1.redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
"product_id": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-mime4j@0.8.12-1.redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
"product_id": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-slf4j@2.0.17-1.redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
"product_id": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-eap-product-conf-parent@800.8.0-1.GA_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
"product": {
"name": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
"product_id": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis@2.33.0-3.redhat_00017.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-narayana@6.0.6-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
"product_id": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-cxf@4.0.6-2.redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jbossws-cxf@7.3.3-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hal-console@3.6.24-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
"product": {
"name": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
"product_id": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-reactivex-rxjava2@2.2.21-3.redhat_00002.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
"product": {
"name": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
"product_id": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-velocity@2.3.0-4.redhat_00010.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
"product": {
"name": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
"product_id": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-httpcomponents-asyncclient@4.1.5-4.redhat_00006.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
"product_id": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-commons-beanutils@1.11.0-1.redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
"product": {
"name": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
"product_id": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-neethi@3.2.1-1.redhat_00002.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
"product": {
"name": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
"product_id": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly@8.0.8-4.GA_redhat_00006.1.el9eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jboss-remoting@5.0.31-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-elytron-web@4.0.3-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-elytron@2.2.11-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-elytron-tool@2.2.11-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate@6.2.36-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate-core@6.2.36-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate-envers@6.2.36-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
"product_id": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-fastinfoset@2.1.1-1.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"product_id": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-mime4j@0.8.12-1.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"product_id": "eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-mime4j-dom@0.8.12-1.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"product_id": "eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-mime4j-storage@0.8.12-1.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"product_id": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-slf4j@2.0.17-1.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"product_id": "eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-slf4j-api@2.0.17-1.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-eap-product-conf-parent@800.8.0-1.GA_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-eap-product-conf-wildfly-ee-feature-pack@800.8.0-1.GA_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product": {
"name": "eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_id": "eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-journal@2.33.0-3.redhat_00017.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product": {
"name": "eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_id": "eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-selector@2.33.0-3.redhat_00017.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product": {
"name": "eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_id": "eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-server@2.33.0-3.redhat_00017.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product": {
"name": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_id": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis@2.33.0-3.redhat_00017.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product": {
"name": "eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_id": "eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-cli@2.33.0-3.redhat_00017.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product": {
"name": "eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_id": "eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-commons@2.33.0-3.redhat_00017.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product": {
"name": "eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_id": "eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-core-client@2.33.0-3.redhat_00017.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product": {
"name": "eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_id": "eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-dto@2.33.0-3.redhat_00017.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product": {
"name": "eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_id": "eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-hornetq-protocol@2.33.0-3.redhat_00017.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product": {
"name": "eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_id": "eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-hqclient-protocol@2.33.0-3.redhat_00017.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product": {
"name": "eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_id": "eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-jakarta-client@2.33.0-3.redhat_00017.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product": {
"name": "eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_id": "eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-jakarta-ra@2.33.0-3.redhat_00017.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product": {
"name": "eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_id": "eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-jakarta-server@2.33.0-3.redhat_00017.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product": {
"name": "eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_id": "eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-jakarta-service-extensions@2.33.0-3.redhat_00017.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product": {
"name": "eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_id": "eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-jdbc-store@2.33.0-3.redhat_00017.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-narayana@6.0.6-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-narayana-jbosstxbridge@6.0.6-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-narayana-jbossxts@6.0.6-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-narayana-jts-idlj@6.0.6-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-narayana-jts-integration@6.0.6-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-narayana-restat-api@6.0.6-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-narayana-restat-bridge@6.0.6-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-narayana-restat-integration@6.0.6-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-narayana-restat-util@6.0.6-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"product_id": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-cxf@4.0.6-2.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"product_id": "eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-cxf-rt@4.0.6-2.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"product_id": "eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-cxf-services@4.0.6-2.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"product_id": "eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-cxf-tools@4.0.6-2.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jbossws-cxf@7.3.3-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hal-console@3.6.24-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
"product_id": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-reactivex-rxjava2@2.2.21-3.redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"product": {
"name": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"product_id": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-velocity@2.3.0-4.redhat_00010.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"product": {
"name": "eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"product_id": "eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-velocity-engine-core@2.3.0-4.redhat_00010.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
"product": {
"name": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
"product_id": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-httpcomponents-asyncclient@4.1.5-4.redhat_00006.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
"product_id": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-commons-beanutils@1.11.0-1.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
"product_id": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-neethi@3.2.1-1.redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"product_id": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly@8.0.8-4.GA_redhat_00006.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"product_id": "eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-java-jdk11@8.0.8-4.GA_redhat_00006.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"product_id": "eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-java-jdk17@8.0.8-4.GA_redhat_00006.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"product_id": "eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-java-jdk21@8.0.8-4.GA_redhat_00006.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"product_id": "eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-modules@8.0.8-4.GA_redhat_00006.1.el9eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch"
},
"product_reference": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src"
},
"product_reference": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch"
},
"product_reference": "eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch"
},
"product_reference": "eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch"
},
"product_reference": "eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch"
},
"product_reference": "eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch"
},
"product_reference": "eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch"
},
"product_reference": "eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch"
},
"product_reference": "eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch"
},
"product_reference": "eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch"
},
"product_reference": "eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch"
},
"product_reference": "eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch"
},
"product_reference": "eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch"
},
"product_reference": "eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch"
},
"product_reference": "eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch"
},
"product_reference": "eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch"
},
"product_reference": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src"
},
"product_reference": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src"
},
"product_reference": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src"
},
"product_reference": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch"
},
"product_reference": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src"
},
"product_reference": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch"
},
"product_reference": "eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src"
},
"product_reference": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Pupi1"
]
}
],
"cve": "CVE-2025-2251",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2025-03-12T13:33:14.782000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2351678"
}
],
"notes": [
{
"category": "description",
"text": "A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-2251"
},
{
"category": "external",
"summary": "RHBZ#2351678",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351678"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-2251",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2251"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-2251",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2251"
}
],
"release_date": "2025-04-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-07T13:27:47+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10453"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution"
},
{
"acknowledgments": [
{
"names": [
"\u0141ukasz Rupala"
],
"organization": "ING Hubs Poland"
}
],
"cve": "CVE-2025-2901",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2025-03-28T06:08:36.048000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2355685"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the JBoss EAP Management Console, where a stored Cross-site scripting vulnerability occurs when an application improperly sanitizes user input before storing it in a data store. When this stored data is later included in web pages without adequate sanitization, malicious scripts can execute in the context of users who view these pages, leading to potential data theft, session hijacking, or other malicious activities.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-2901"
},
{
"category": "external",
"summary": "RHBZ#2355685",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355685"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-2901",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2901"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-2901",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2901"
}
],
"release_date": "2025-03-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-07T13:27:47+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10453"
},
{
"category": "workaround",
"details": "Currently, no mitigation is available for this vulnerability.",
"product_ids": [
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console"
},
{
"cve": "CVE-2025-23184",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-01-21T10:00:44.959656+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339095"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache CXF. In some edge cases with large data stream caching, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system and trigger a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23184"
},
{
"category": "external",
"summary": "RHBZ#2339095",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339095"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23184"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23184",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23184"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122",
"url": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122"
}
],
"release_date": "2025-01-21T09:35:37.468000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-07T13:27:47+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10453"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files"
},
{
"cve": "CVE-2025-27611",
"cwe": {
"id": "CWE-1007",
"name": "Insufficient Visual Distinction of Homoglyphs Presented to User"
},
"discovery_date": "2025-04-30T20:00:45.852222+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2363176"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in base-x. This vulnerability allows attackers to generate addresses that appear legitimate, tricking users into sending money to them instead of the intended ones. The problem arises from the way base-x compresses leading zeros in addresses via manipulation of the base encoding mechanism.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "base-x: base-x homograph attack allows Unicode lookalike characters to bypass validation.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in base-x is Important because it affects the encoding and decoding of addresses in blockchain transactions. The flaw arises from mishandling of leading zero compression, enabling attackers to craft malicious encodings that deceive systems or users into misdirecting funds. As blockchain transactions are final and cannot be reversed, even a single instance of this exploit can result in permanent financial loss, making this a serious security concern beyond a Moderate issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-27611"
},
{
"category": "external",
"summary": "RHBZ#2363176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363176"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-27611",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27611"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-27611",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27611"
},
{
"category": "external",
"summary": "https://github.com/cryptocoinjs/base-x/pull/86",
"url": "https://github.com/cryptocoinjs/base-x/pull/86"
},
{
"category": "external",
"summary": "https://github.com/cryptocoinjs/base-x/security/advisories/GHSA-xq7p-g2vc-g82p",
"url": "https://github.com/cryptocoinjs/base-x/security/advisories/GHSA-xq7p-g2vc-g82p"
}
],
"release_date": "2025-04-30T19:36:57.356000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-07T13:27:47+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10453"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "base-x: base-x homograph attack allows Unicode lookalike characters to bypass validation."
},
{
"cve": "CVE-2025-48734",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2025-05-28T14:00:56.619771+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2368956"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like getProperty() or getNestedProperty().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as important severity because a flaw exists in Apache Commons BeanUtils, where PropertyUtilsBean and BeanUtilsBean allow uncontrolled access to the declaredClass property of Java enum objects. Applications that pass untrusted property paths directly to getProperty() or getNestedProperty() methods are at risk, as attackers can exploit this behavior to retrieve the ClassLoader instance and execute arbitrary code in the context of the affected application. This issue leads to compromise of confidentiality, integrity, and availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48734"
},
{
"category": "external",
"summary": "RHBZ#2368956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9",
"url": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9"
},
{
"category": "external",
"summary": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc",
"url": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9",
"url": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/05/28/6",
"url": "https://www.openwall.com/lists/oss-security/2025/05/28/6"
}
],
"release_date": "2025-05-28T13:32:08.300000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-07T13:27:47+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10453"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default"
}
]
}
rhsa-2025:10926
Vulnerability from csaf_redhat
Published
2025-07-14 15:55
Modified
2025-09-12 20:03
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.23 Security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.23 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.22, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.23 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-7.4.z] (CVE-2025-48734)
* commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-7.4.z] (CVE-2025-48734)
* commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-7.4.z] (CVE-2025-48734)
* hibernate-validator: Hibernate Validator Expression Language Injection [eap-7.4.z] (CVE-2025-35036)
* org.wildfly.core/wildfly-core-management-subsystem: Wildfly vulnerable to Cross-Site Scripting (XSS) [eap-7.4.z] (CVE-2024-10234)
* org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-7.4.z] (CVE-2025-23184)
* org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-7.4.z] (CVE-2025-2901)
* wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-7.4.z] (CVE-2025-2251)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.23 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.22, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.23 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-7.4.z] (CVE-2025-48734)\n\n* commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-7.4.z] (CVE-2025-48734)\n\n* commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-7.4.z] (CVE-2025-48734)\n\n* hibernate-validator: Hibernate Validator Expression Language Injection [eap-7.4.z] (CVE-2025-35036)\n\n* org.wildfly.core/wildfly-core-management-subsystem: Wildfly vulnerable to Cross-Site Scripting (XSS) [eap-7.4.z] (CVE-2024-10234)\n\n* org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-7.4.z] (CVE-2025-23184)\n\n* org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-7.4.z] (CVE-2025-2901)\n\n* wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-7.4.z] (CVE-2025-2251)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:10926",
"url": "https://access.redhat.com/errata/RHSA-2025:10926"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index"
},
{
"category": "external",
"summary": "2320848",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320848"
},
{
"category": "external",
"summary": "2339095",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339095"
},
{
"category": "external",
"summary": "2351678",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351678"
},
{
"category": "external",
"summary": "2355685",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355685"
},
{
"category": "external",
"summary": "2368956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
},
{
"category": "external",
"summary": "2370118",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370118"
},
{
"category": "external",
"summary": "JBEAP-28676",
"url": "https://issues.redhat.com/browse/JBEAP-28676"
},
{
"category": "external",
"summary": "JBEAP-28905",
"url": "https://issues.redhat.com/browse/JBEAP-28905"
},
{
"category": "external",
"summary": "JBEAP-29219",
"url": "https://issues.redhat.com/browse/JBEAP-29219"
},
{
"category": "external",
"summary": "JBEAP-29440",
"url": "https://issues.redhat.com/browse/JBEAP-29440"
},
{
"category": "external",
"summary": "JBEAP-29815",
"url": "https://issues.redhat.com/browse/JBEAP-29815"
},
{
"category": "external",
"summary": "JBEAP-29862",
"url": "https://issues.redhat.com/browse/JBEAP-29862"
},
{
"category": "external",
"summary": "JBEAP-29866",
"url": "https://issues.redhat.com/browse/JBEAP-29866"
},
{
"category": "external",
"summary": "JBEAP-29914",
"url": "https://issues.redhat.com/browse/JBEAP-29914"
},
{
"category": "external",
"summary": "JBEAP-29969",
"url": "https://issues.redhat.com/browse/JBEAP-29969"
},
{
"category": "external",
"summary": "JBEAP-30031",
"url": "https://issues.redhat.com/browse/JBEAP-30031"
},
{
"category": "external",
"summary": "JBEAP-30059",
"url": "https://issues.redhat.com/browse/JBEAP-30059"
},
{
"category": "external",
"summary": "JBEAP-30264",
"url": "https://issues.redhat.com/browse/JBEAP-30264"
},
{
"category": "external",
"summary": "JBEAP-30359",
"url": "https://issues.redhat.com/browse/JBEAP-30359"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_10926.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.23 Security update",
"tracking": {
"current_release_date": "2025-09-12T20:03:52+00:00",
"generator": {
"date": "2025-09-12T20:03:52+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.7"
}
},
"id": "RHSA-2025:10926",
"initial_release_date": "2025-07-14T15:55:57+00:00",
"revision_history": [
{
"date": "2025-07-14T15:55:57+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-07-14T15:55:57+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-12T20:03:52+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.4 for RHEL 9",
"product": {
"name": "Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
"product": {
"name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
"product_id": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-artemis-native@1.0.2-5.redhat_00004.1.el9eap?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-elytron-web@1.9.6-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.26-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.27-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
"product_id": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.14-9.SP10_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.15-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
"product_id": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.5.10-1.redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.21-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
"product_id": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-42.Final_redhat_00042.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
"product": {
"name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
"product_id": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-21.redhat_00055.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
"product_id": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-3.SP2_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
"product": {
"name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
"product_id": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.23-3.GA_redhat_00002.1.el9eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"product": {
"name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"product_id": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-artemis-native@1.0.2-5.redhat_00004.1.el9eap?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"product": {
"name": "eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"product_id": "eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-artemis-native-wildfly@1.0.2-5.redhat_00004.1.el9eap?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-server@1.9.6-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.26-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.26-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.27-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.14-9.SP10_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.15-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"product_id": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.5.10-1.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"product_id": "eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.5.10-1.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"product_id": "eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.5.10-1.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"product_id": "eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.5.10-1.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.21-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.5.21-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.5.21-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.5.21-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.5.21-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.5.21-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.5.21-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.5.21-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.5.21-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-42.Final_redhat_00042.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-42.Final_redhat_00042.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-42.Final_redhat_00042.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product": {
"name": "eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product_id": "eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-21.redhat_00055.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-3.SP2_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.23-3.SP2_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.23-3.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.23-3.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk17@7.4.23-3.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.23-3.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.23-3.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.23-3.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src"
},
"product_reference": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch"
},
"product_reference": "eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src"
},
"product_reference": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64"
},
"product_reference": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64"
},
"product_reference": "eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src"
},
"product_reference": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 9",
"product_id": "9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-10234",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-10-22T01:46:48.739000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2320848"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: Wildfly vulnerable to Cross-Site Scripting (XSS)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-10234"
},
{
"category": "external",
"summary": "RHBZ#2320848",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320848"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-10234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10234"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-10234",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10234"
}
],
"release_date": "2024-10-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-14T15:55:57+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10926"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: Wildfly vulnerable to Cross-Site Scripting (XSS)"
},
{
"acknowledgments": [
{
"names": [
"Pupi1"
]
}
],
"cve": "CVE-2025-2251",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2025-03-12T13:33:14.782000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2351678"
}
],
"notes": [
{
"category": "description",
"text": "A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-2251"
},
{
"category": "external",
"summary": "RHBZ#2351678",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351678"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-2251",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2251"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-2251",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2251"
}
],
"release_date": "2025-04-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-14T15:55:57+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10926"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution"
},
{
"acknowledgments": [
{
"names": [
"\u0141ukasz Rupala"
],
"organization": "ING Hubs Poland"
}
],
"cve": "CVE-2025-2901",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2025-03-28T06:08:36.048000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2355685"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the JBoss EAP Management Console, where a stored Cross-site scripting vulnerability occurs when an application improperly sanitizes user input before storing it in a data store. When this stored data is later included in web pages without adequate sanitization, malicious scripts can execute in the context of users who view these pages, leading to potential data theft, session hijacking, or other malicious activities.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-2901"
},
{
"category": "external",
"summary": "RHBZ#2355685",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355685"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-2901",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2901"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-2901",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2901"
}
],
"release_date": "2025-03-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-14T15:55:57+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10926"
},
{
"category": "workaround",
"details": "Currently, no mitigation is available for this vulnerability.",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console"
},
{
"cve": "CVE-2025-23184",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-01-21T10:00:44.959656+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339095"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache CXF. In some edge cases with large data stream caching, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system and trigger a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23184"
},
{
"category": "external",
"summary": "RHBZ#2339095",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339095"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23184"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23184",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23184"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122",
"url": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122"
}
],
"release_date": "2025-01-21T09:35:37.468000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-14T15:55:57+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10926"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files"
},
{
"cve": "CVE-2025-35036",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2025-06-03T20:00:52.377542+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370118"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hibernate Validator. This vulnerability allows unauthorized access to sensitive information or the execution of arbitrary Java code by interpolating user-supplied input in a constraint violation message with an Expression Language.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate-validator: Hibernate Validator Expression Language Injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Important rather than Moderate because it enables Expression Language (EL) injection through user-supplied input embedded in validation messages \u2014 effectively escalating a benign validation failure into a potential Remote Code Execution (RCE) vector. In environments where EL expressions have access to application internals, attackers can craft payloads that access sensitive Java objects, invoke arbitrary methods, or manipulate server-side logic. The fact that this behavior is triggered by the default configuration \u2014 without any explicit developer error \u2014 further amplifies the risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-35036"
},
{
"category": "external",
"summary": "RHBZ#2370118",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370118"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-35036",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-35036"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-35036",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-35036"
},
{
"category": "external",
"summary": "https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext",
"url": "https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext"
},
{
"category": "external",
"summary": "https://github.com/hibernate/hibernate-validator/commit/05f795bb7cf18856004f40e5042709e550ed0d6e",
"url": "https://github.com/hibernate/hibernate-validator/commit/05f795bb7cf18856004f40e5042709e550ed0d6e"
},
{
"category": "external",
"summary": "https://github.com/hibernate/hibernate-validator/commit/254858d9dcc4e7cd775d1b0f47f482218077c5e1",
"url": "https://github.com/hibernate/hibernate-validator/commit/254858d9dcc4e7cd775d1b0f47f482218077c5e1"
},
{
"category": "external",
"summary": "https://github.com/hibernate/hibernate-validator/commit/d2db40b9e7d22c7a0b44d7665242dfc7b4d14d78",
"url": "https://github.com/hibernate/hibernate-validator/commit/d2db40b9e7d22c7a0b44d7665242dfc7b4d14d78"
},
{
"category": "external",
"summary": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893",
"url": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"category": "external",
"summary": "https://github.com/hibernate/hibernate-validator/compare/6.1.7.Final...6.2.0.Final",
"url": "https://github.com/hibernate/hibernate-validator/compare/6.1.7.Final...6.2.0.Final"
},
{
"category": "external",
"summary": "https://github.com/hibernate/hibernate-validator/pull/1138",
"url": "https://github.com/hibernate/hibernate-validator/pull/1138"
},
{
"category": "external",
"summary": "https://hibernate.atlassian.net/browse/HV-1816",
"url": "https://hibernate.atlassian.net/browse/HV-1816"
},
{
"category": "external",
"summary": "https://hibernate.org/validator/documentation/migration-guide/#6-2-0-cr1",
"url": "https://hibernate.org/validator/documentation/migration-guide/#6-2-0-cr1"
},
{
"category": "external",
"summary": "https://in.relation.to/2021/01/06/hibernate-validator-700-62-final-released/#expression-language",
"url": "https://in.relation.to/2021/01/06/hibernate-validator-700-62-final-released/#expression-language"
},
{
"category": "external",
"summary": "https://labs.watchtowr.com/expression-payloads-meet-mayhem-cve-2025-4427-and-cve-2025-4428/",
"url": "https://labs.watchtowr.com/expression-payloads-meet-mayhem-cve-2025-4427-and-cve-2025-4428/"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-5245",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5245"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4428"
}
],
"release_date": "2025-06-03T19:27:42.900000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-14T15:55:57+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10926"
},
{
"category": "workaround",
"details": "Users who are unable to upgrade should manually disable Expression Language interpolation to prevent EL injection. If disabling is not feasible, carefully sanitize and validate any dynamic input before inclusion.",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "hibernate-validator: Hibernate Validator Expression Language Injection"
},
{
"cve": "CVE-2025-48734",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2025-05-28T14:00:56.619771+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2368956"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like getProperty() or getNestedProperty().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as important severity because a flaw exists in Apache Commons BeanUtils, where PropertyUtilsBean and BeanUtilsBean allow uncontrolled access to the declaredClass property of Java enum objects. Applications that pass untrusted property paths directly to getProperty() or getNestedProperty() methods are at risk, as attackers can exploit this behavior to retrieve the ClassLoader instance and execute arbitrary code in the context of the affected application. This issue leads to compromise of confidentiality, integrity, and availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48734"
},
{
"category": "external",
"summary": "RHBZ#2368956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9",
"url": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9"
},
{
"category": "external",
"summary": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc",
"url": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9",
"url": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/05/28/6",
"url": "https://www.openwall.com/lists/oss-security/2025/05/28/6"
}
],
"release_date": "2025-05-28T13:32:08.300000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-14T15:55:57+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10926"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el9eap.x86_64",
"9Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default"
}
]
}
rhsa-2025:10452
Vulnerability from csaf_redhat
Published
2025-07-07 13:32
Modified
2025-09-10 15:31
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.8 Security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.0.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 8.0.8 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* org.jboss.hal-hal-parent: base-x homograph attack allows Unicode lookalike characters to bypass validation. [eap-8.0.z] (CVE-2025-27611)
* org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-8.0.z] (CVE-2025-2901)
* wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-8.0.z] (CVE-2025-2251)
* org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-8.0.z] (CVE-2025-23184)
* commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-8.0.z] (CVE-2025-48734)
* commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-8.0.z] (CVE-2025-48734)
* org.jboss.eap-jboss-eap-xp: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-8.0.z] (CVE-2025-48734)
* commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-8.0.z] (CVE-2025-48734)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.0.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 8.0.8 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* org.jboss.hal-hal-parent: base-x homograph attack allows Unicode lookalike characters to bypass validation. [eap-8.0.z] (CVE-2025-27611)\n\n* org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-8.0.z] (CVE-2025-2901)\n\n* wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-8.0.z] (CVE-2025-2251)\n\n* org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-8.0.z] (CVE-2025-23184)\n\n* commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-8.0.z] (CVE-2025-48734)\n\n* commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-8.0.z] (CVE-2025-48734)\n\n* org.jboss.eap-jboss-eap-xp: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-8.0.z] (CVE-2025-48734)\n\n* commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-8.0.z] (CVE-2025-48734)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:10452",
"url": "https://access.redhat.com/errata/RHSA-2025:10452"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.0",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.0"
},
{
"category": "external",
"summary": "https://access.redhat.com/articles/7120566",
"url": "https://access.redhat.com/articles/7120566"
},
{
"category": "external",
"summary": "2339095",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339095"
},
{
"category": "external",
"summary": "2351678",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351678"
},
{
"category": "external",
"summary": "2355685",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355685"
},
{
"category": "external",
"summary": "2363176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363176"
},
{
"category": "external",
"summary": "2368956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
},
{
"category": "external",
"summary": "JBEAP-28866",
"url": "https://issues.redhat.com/browse/JBEAP-28866"
},
{
"category": "external",
"summary": "JBEAP-28992",
"url": "https://issues.redhat.com/browse/JBEAP-28992"
},
{
"category": "external",
"summary": "JBEAP-29252",
"url": "https://issues.redhat.com/browse/JBEAP-29252"
},
{
"category": "external",
"summary": "JBEAP-29257",
"url": "https://issues.redhat.com/browse/JBEAP-29257"
},
{
"category": "external",
"summary": "JBEAP-29530",
"url": "https://issues.redhat.com/browse/JBEAP-29530"
},
{
"category": "external",
"summary": "JBEAP-29679",
"url": "https://issues.redhat.com/browse/JBEAP-29679"
},
{
"category": "external",
"summary": "JBEAP-29691",
"url": "https://issues.redhat.com/browse/JBEAP-29691"
},
{
"category": "external",
"summary": "JBEAP-29692",
"url": "https://issues.redhat.com/browse/JBEAP-29692"
},
{
"category": "external",
"summary": "JBEAP-29806",
"url": "https://issues.redhat.com/browse/JBEAP-29806"
},
{
"category": "external",
"summary": "JBEAP-29863",
"url": "https://issues.redhat.com/browse/JBEAP-29863"
},
{
"category": "external",
"summary": "JBEAP-29867",
"url": "https://issues.redhat.com/browse/JBEAP-29867"
},
{
"category": "external",
"summary": "JBEAP-29984",
"url": "https://issues.redhat.com/browse/JBEAP-29984"
},
{
"category": "external",
"summary": "JBEAP-29999",
"url": "https://issues.redhat.com/browse/JBEAP-29999"
},
{
"category": "external",
"summary": "JBEAP-30087",
"url": "https://issues.redhat.com/browse/JBEAP-30087"
},
{
"category": "external",
"summary": "JBEAP-30151",
"url": "https://issues.redhat.com/browse/JBEAP-30151"
},
{
"category": "external",
"summary": "JBEAP-30157",
"url": "https://issues.redhat.com/browse/JBEAP-30157"
},
{
"category": "external",
"summary": "JBEAP-30263",
"url": "https://issues.redhat.com/browse/JBEAP-30263"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_10452.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.8 Security update",
"tracking": {
"current_release_date": "2025-09-10T15:31:44+00:00",
"generator": {
"date": "2025-09-10T15:31:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.7"
}
},
"id": "RHSA-2025:10452",
"initial_release_date": "2025-07-07T13:32:31+00:00",
"revision_history": [
{
"date": "2025-07-07T13:32:31+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-07-07T13:32:31+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-10T15:31:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 8.0 for RHEL 8",
"product": {
"name": "Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jboss-remoting@5.0.31-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-elytron@2.2.11-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-elytron-web@4.0.3-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate@6.2.36-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
"product_id": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-fastinfoset@2.1.1-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
"product_id": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-mime4j@0.8.12-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
"product_id": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-slf4j@2.0.17-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
"product_id": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-eap-product-conf-parent@800.8.0-1.GA_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
"product": {
"name": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
"product_id": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis@2.33.0-3.redhat_00017.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-narayana@6.0.6-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
"product_id": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-cxf@4.0.6-2.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jbossws-cxf@7.3.3-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hal-console@3.6.24-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
"product": {
"name": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
"product_id": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-reactivex-rxjava2@2.2.21-3.redhat_00002.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
"product": {
"name": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
"product_id": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-velocity@2.3.0-4.redhat_00010.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
"product": {
"name": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
"product_id": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-httpcomponents-asyncclient@4.1.5-4.redhat_00006.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
"product_id": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-commons-beanutils@1.11.0-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
"product": {
"name": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
"product_id": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-neethi@3.2.1-1.redhat_00002.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
"product": {
"name": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
"product_id": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly@8.0.8-4.GA_redhat_00006.1.el8eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jboss-remoting@5.0.31-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-elytron@2.2.11-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-elytron-tool@2.2.11-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-elytron-web@4.0.3-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate@6.2.36-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate-core@6.2.36-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate-envers@6.2.36-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-fastinfoset@2.1.1-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-mime4j@0.8.12-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-mime4j-dom@0.8.12-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-mime4j-storage@0.8.12-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-slf4j@2.0.17-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-slf4j-api@2.0.17-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-eap-product-conf-parent@800.8.0-1.GA_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-eap-product-conf-wildfly-ee-feature-pack@800.8.0-1.GA_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product": {
"name": "eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_id": "eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-journal@2.33.0-3.redhat_00017.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product": {
"name": "eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_id": "eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-selector@2.33.0-3.redhat_00017.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product": {
"name": "eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_id": "eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-server@2.33.0-3.redhat_00017.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product": {
"name": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_id": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis@2.33.0-3.redhat_00017.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product": {
"name": "eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_id": "eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-cli@2.33.0-3.redhat_00017.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product": {
"name": "eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_id": "eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-commons@2.33.0-3.redhat_00017.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product": {
"name": "eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_id": "eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-core-client@2.33.0-3.redhat_00017.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product": {
"name": "eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_id": "eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-dto@2.33.0-3.redhat_00017.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product": {
"name": "eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_id": "eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-hornetq-protocol@2.33.0-3.redhat_00017.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product": {
"name": "eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_id": "eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-hqclient-protocol@2.33.0-3.redhat_00017.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product": {
"name": "eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_id": "eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-jakarta-client@2.33.0-3.redhat_00017.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product": {
"name": "eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_id": "eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-jakarta-ra@2.33.0-3.redhat_00017.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product": {
"name": "eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_id": "eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-jakarta-server@2.33.0-3.redhat_00017.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product": {
"name": "eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_id": "eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-jakarta-service-extensions@2.33.0-3.redhat_00017.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product": {
"name": "eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_id": "eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-jdbc-store@2.33.0-3.redhat_00017.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-narayana@6.0.6-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-narayana-jbosstxbridge@6.0.6-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-narayana-jbossxts@6.0.6-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-narayana-jts-idlj@6.0.6-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-narayana-jts-integration@6.0.6-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-narayana-restat-api@6.0.6-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-narayana-restat-bridge@6.0.6-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-narayana-restat-integration@6.0.6-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-narayana-restat-util@6.0.6-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"product_id": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-cxf@4.0.6-2.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"product_id": "eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-cxf-rt@4.0.6-2.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"product_id": "eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-cxf-services@4.0.6-2.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"product_id": "eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-cxf-tools@4.0.6-2.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jbossws-cxf@7.3.3-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hal-console@3.6.24-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
"product_id": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-reactivex-rxjava2@2.2.21-3.redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"product": {
"name": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"product_id": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-velocity@2.3.0-4.redhat_00010.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"product": {
"name": "eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"product_id": "eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-velocity-engine-core@2.3.0-4.redhat_00010.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
"product": {
"name": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
"product_id": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-httpcomponents-asyncclient@4.1.5-4.redhat_00006.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-commons-beanutils@1.11.0-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
"product_id": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-neethi@3.2.1-1.redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"product_id": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly@8.0.8-4.GA_redhat_00006.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"product_id": "eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-java-jdk11@8.0.8-4.GA_redhat_00006.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"product_id": "eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-java-jdk17@8.0.8-4.GA_redhat_00006.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"product_id": "eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-java-jdk21@8.0.8-4.GA_redhat_00006.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"product_id": "eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-modules@8.0.8-4.GA_redhat_00006.1.el8eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch"
},
"product_reference": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src"
},
"product_reference": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch"
},
"product_reference": "eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch"
},
"product_reference": "eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch"
},
"product_reference": "eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch"
},
"product_reference": "eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch"
},
"product_reference": "eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch"
},
"product_reference": "eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch"
},
"product_reference": "eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch"
},
"product_reference": "eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch"
},
"product_reference": "eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch"
},
"product_reference": "eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch"
},
"product_reference": "eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch"
},
"product_reference": "eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch"
},
"product_reference": "eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch"
},
"product_reference": "eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch"
},
"product_reference": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src"
},
"product_reference": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src"
},
"product_reference": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src"
},
"product_reference": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch"
},
"product_reference": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src"
},
"product_reference": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch"
},
"product_reference": "eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src"
},
"product_reference": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Pupi1"
]
}
],
"cve": "CVE-2025-2251",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2025-03-12T13:33:14.782000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2351678"
}
],
"notes": [
{
"category": "description",
"text": "A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-2251"
},
{
"category": "external",
"summary": "RHBZ#2351678",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351678"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-2251",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2251"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-2251",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2251"
}
],
"release_date": "2025-04-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-07T13:32:31+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10452"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution"
},
{
"acknowledgments": [
{
"names": [
"\u0141ukasz Rupala"
],
"organization": "ING Hubs Poland"
}
],
"cve": "CVE-2025-2901",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2025-03-28T06:08:36.048000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2355685"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the JBoss EAP Management Console, where a stored Cross-site scripting vulnerability occurs when an application improperly sanitizes user input before storing it in a data store. When this stored data is later included in web pages without adequate sanitization, malicious scripts can execute in the context of users who view these pages, leading to potential data theft, session hijacking, or other malicious activities.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-2901"
},
{
"category": "external",
"summary": "RHBZ#2355685",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355685"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-2901",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2901"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-2901",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2901"
}
],
"release_date": "2025-03-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-07T13:32:31+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10452"
},
{
"category": "workaround",
"details": "Currently, no mitigation is available for this vulnerability.",
"product_ids": [
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console"
},
{
"cve": "CVE-2025-23184",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-01-21T10:00:44.959656+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339095"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache CXF. In some edge cases with large data stream caching, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system and trigger a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23184"
},
{
"category": "external",
"summary": "RHBZ#2339095",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339095"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23184"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23184",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23184"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122",
"url": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122"
}
],
"release_date": "2025-01-21T09:35:37.468000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-07T13:32:31+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10452"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files"
},
{
"cve": "CVE-2025-27611",
"cwe": {
"id": "CWE-1007",
"name": "Insufficient Visual Distinction of Homoglyphs Presented to User"
},
"discovery_date": "2025-04-30T20:00:45.852222+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2363176"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in base-x. This vulnerability allows attackers to generate addresses that appear legitimate, tricking users into sending money to them instead of the intended ones. The problem arises from the way base-x compresses leading zeros in addresses via manipulation of the base encoding mechanism.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "base-x: base-x homograph attack allows Unicode lookalike characters to bypass validation.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in base-x is Important because it affects the encoding and decoding of addresses in blockchain transactions. The flaw arises from mishandling of leading zero compression, enabling attackers to craft malicious encodings that deceive systems or users into misdirecting funds. As blockchain transactions are final and cannot be reversed, even a single instance of this exploit can result in permanent financial loss, making this a serious security concern beyond a Moderate issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-27611"
},
{
"category": "external",
"summary": "RHBZ#2363176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363176"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-27611",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27611"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-27611",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27611"
},
{
"category": "external",
"summary": "https://github.com/cryptocoinjs/base-x/pull/86",
"url": "https://github.com/cryptocoinjs/base-x/pull/86"
},
{
"category": "external",
"summary": "https://github.com/cryptocoinjs/base-x/security/advisories/GHSA-xq7p-g2vc-g82p",
"url": "https://github.com/cryptocoinjs/base-x/security/advisories/GHSA-xq7p-g2vc-g82p"
}
],
"release_date": "2025-04-30T19:36:57.356000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-07T13:32:31+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10452"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "base-x: base-x homograph attack allows Unicode lookalike characters to bypass validation."
},
{
"cve": "CVE-2025-48734",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2025-05-28T14:00:56.619771+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2368956"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like getProperty() or getNestedProperty().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as important severity because a flaw exists in Apache Commons BeanUtils, where PropertyUtilsBean and BeanUtilsBean allow uncontrolled access to the declaredClass property of Java enum objects. Applications that pass untrusted property paths directly to getProperty() or getNestedProperty() methods are at risk, as attackers can exploit this behavior to retrieve the ClassLoader instance and execute arbitrary code in the context of the affected application. This issue leads to compromise of confidentiality, integrity, and availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48734"
},
{
"category": "external",
"summary": "RHBZ#2368956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9",
"url": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9"
},
{
"category": "external",
"summary": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc",
"url": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9",
"url": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/05/28/6",
"url": "https://www.openwall.com/lists/oss-security/2025/05/28/6"
}
],
"release_date": "2025-05-28T13:32:08.300000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-07T13:32:31+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10452"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default"
}
]
}
rhsa-2025:10925
Vulnerability from csaf_redhat
Published
2025-07-14 15:56
Modified
2025-09-12 20:03
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.23 Security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.23 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.22, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.23 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-7.4.z] (CVE-2025-48734)
* commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-7.4.z] (CVE-2025-48734)
* commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-7.4.z] (CVE-2025-48734)
* hibernate-validator: Hibernate Validator Expression Language Injection [eap-7.4.z] (CVE-2025-35036)
* org.wildfly.core/wildfly-core-management-subsystem: Wildfly vulnerable to Cross-Site Scripting (XSS) [eap-7.4.z] (CVE-2024-10234)
* org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-7.4.z] (CVE-2025-23184)
* org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-7.4.z] (CVE-2025-2901)
* wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-7.4.z] (CVE-2025-2251)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.23 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.22, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.23 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-7.4.z] (CVE-2025-48734)\n\n* commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-7.4.z] (CVE-2025-48734)\n\n* commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-7.4.z] (CVE-2025-48734)\n\n* hibernate-validator: Hibernate Validator Expression Language Injection [eap-7.4.z] (CVE-2025-35036)\n\n* org.wildfly.core/wildfly-core-management-subsystem: Wildfly vulnerable to Cross-Site Scripting (XSS) [eap-7.4.z] (CVE-2024-10234)\n\n* org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-7.4.z] (CVE-2025-23184)\n\n* org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-7.4.z] (CVE-2025-2901)\n\n* wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-7.4.z] (CVE-2025-2251)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:10925",
"url": "https://access.redhat.com/errata/RHSA-2025:10925"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index"
},
{
"category": "external",
"summary": "2320848",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320848"
},
{
"category": "external",
"summary": "2339095",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339095"
},
{
"category": "external",
"summary": "2351678",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351678"
},
{
"category": "external",
"summary": "2355685",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355685"
},
{
"category": "external",
"summary": "2368956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
},
{
"category": "external",
"summary": "2370118",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370118"
},
{
"category": "external",
"summary": "JBEAP-28676",
"url": "https://issues.redhat.com/browse/JBEAP-28676"
},
{
"category": "external",
"summary": "JBEAP-28905",
"url": "https://issues.redhat.com/browse/JBEAP-28905"
},
{
"category": "external",
"summary": "JBEAP-29218",
"url": "https://issues.redhat.com/browse/JBEAP-29218"
},
{
"category": "external",
"summary": "JBEAP-29440",
"url": "https://issues.redhat.com/browse/JBEAP-29440"
},
{
"category": "external",
"summary": "JBEAP-29815",
"url": "https://issues.redhat.com/browse/JBEAP-29815"
},
{
"category": "external",
"summary": "JBEAP-29862",
"url": "https://issues.redhat.com/browse/JBEAP-29862"
},
{
"category": "external",
"summary": "JBEAP-29866",
"url": "https://issues.redhat.com/browse/JBEAP-29866"
},
{
"category": "external",
"summary": "JBEAP-29914",
"url": "https://issues.redhat.com/browse/JBEAP-29914"
},
{
"category": "external",
"summary": "JBEAP-29969",
"url": "https://issues.redhat.com/browse/JBEAP-29969"
},
{
"category": "external",
"summary": "JBEAP-30031",
"url": "https://issues.redhat.com/browse/JBEAP-30031"
},
{
"category": "external",
"summary": "JBEAP-30059",
"url": "https://issues.redhat.com/browse/JBEAP-30059"
},
{
"category": "external",
"summary": "JBEAP-30264",
"url": "https://issues.redhat.com/browse/JBEAP-30264"
},
{
"category": "external",
"summary": "JBEAP-30359",
"url": "https://issues.redhat.com/browse/JBEAP-30359"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_10925.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.23 Security update",
"tracking": {
"current_release_date": "2025-09-12T20:03:52+00:00",
"generator": {
"date": "2025-09-12T20:03:52+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.7"
}
},
"id": "RHSA-2025:10925",
"initial_release_date": "2025-07-14T15:56:17+00:00",
"revision_history": [
{
"date": "2025-07-14T15:56:17+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-07-14T15:56:17+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-12T20:03:52+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.4 for RHEL 8",
"product": {
"name": "Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-elytron-web@1.9.6-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.26-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
"product": {
"name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
"product_id": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-artemis-native@1.0.2-5.redhat_00004.1.el8eap?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
"product_id": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.14-9.SP10_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.27-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
"product_id": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.5.10-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.15-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.21-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
"product_id": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-42.Final_redhat_00042.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
"product": {
"name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
"product_id": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-21.redhat_00055.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
"product_id": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-3.SP2_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
"product": {
"name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
"product_id": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.23-3.GA_redhat_00002.1.el8eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-server@1.9.6-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.26-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.26-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.14-9.SP10_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.27-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.5.10-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.5.10-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.5.10-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.5.10-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.15-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.21-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.5.21-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.5.21-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.5.21-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.5.21-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.5.21-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.5.21-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.5.21-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.5.21-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-42.Final_redhat_00042.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-42.Final_redhat_00042.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-42.Final_redhat_00042.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-cli@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-commons@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-core-client@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-dto@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-client@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-jms-server@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-journal@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-ra@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-selector@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-server@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-service-extensions@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product": {
"name": "eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product_id": "eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-activemq-artemis-tools@2.16.0-21.redhat_00055.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-3.SP2_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.23-3.SP2_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.23-3.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.23-3.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk17@7.4.23-3.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.23-3.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.23-3.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.23-3.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"product": {
"name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"product_id": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-artemis-native@1.0.2-5.redhat_00004.1.el8eap?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"product": {
"name": "eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"product_id": "eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-artemis-native-wildfly@1.0.2-5.redhat_00004.1.el8eap?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src"
},
"product_reference": "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch"
},
"product_reference": "eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src"
},
"product_reference": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64"
},
"product_reference": "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64"
},
"product_reference": "eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src"
},
"product_reference": "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 for RHEL 8",
"product_id": "8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-10234",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-10-22T01:46:48.739000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2320848"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: Wildfly vulnerable to Cross-Site Scripting (XSS)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-10234"
},
{
"category": "external",
"summary": "RHBZ#2320848",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320848"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-10234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10234"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-10234",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10234"
}
],
"release_date": "2024-10-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-14T15:56:17+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10925"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: Wildfly vulnerable to Cross-Site Scripting (XSS)"
},
{
"acknowledgments": [
{
"names": [
"Pupi1"
]
}
],
"cve": "CVE-2025-2251",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2025-03-12T13:33:14.782000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2351678"
}
],
"notes": [
{
"category": "description",
"text": "A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-2251"
},
{
"category": "external",
"summary": "RHBZ#2351678",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351678"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-2251",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2251"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-2251",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2251"
}
],
"release_date": "2025-04-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-14T15:56:17+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10925"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution"
},
{
"acknowledgments": [
{
"names": [
"\u0141ukasz Rupala"
],
"organization": "ING Hubs Poland"
}
],
"cve": "CVE-2025-2901",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2025-03-28T06:08:36.048000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2355685"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the JBoss EAP Management Console, where a stored Cross-site scripting vulnerability occurs when an application improperly sanitizes user input before storing it in a data store. When this stored data is later included in web pages without adequate sanitization, malicious scripts can execute in the context of users who view these pages, leading to potential data theft, session hijacking, or other malicious activities.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-2901"
},
{
"category": "external",
"summary": "RHBZ#2355685",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355685"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-2901",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2901"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-2901",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2901"
}
],
"release_date": "2025-03-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-14T15:56:17+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10925"
},
{
"category": "workaround",
"details": "Currently, no mitigation is available for this vulnerability.",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console"
},
{
"cve": "CVE-2025-23184",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-01-21T10:00:44.959656+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339095"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache CXF. In some edge cases with large data stream caching, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system and trigger a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23184"
},
{
"category": "external",
"summary": "RHBZ#2339095",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339095"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23184"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23184",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23184"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122",
"url": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122"
}
],
"release_date": "2025-01-21T09:35:37.468000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-14T15:56:17+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10925"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files"
},
{
"cve": "CVE-2025-35036",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2025-06-03T20:00:52.377542+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370118"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hibernate Validator. This vulnerability allows unauthorized access to sensitive information or the execution of arbitrary Java code by interpolating user-supplied input in a constraint violation message with an Expression Language.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate-validator: Hibernate Validator Expression Language Injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Important rather than Moderate because it enables Expression Language (EL) injection through user-supplied input embedded in validation messages \u2014 effectively escalating a benign validation failure into a potential Remote Code Execution (RCE) vector. In environments where EL expressions have access to application internals, attackers can craft payloads that access sensitive Java objects, invoke arbitrary methods, or manipulate server-side logic. The fact that this behavior is triggered by the default configuration \u2014 without any explicit developer error \u2014 further amplifies the risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-35036"
},
{
"category": "external",
"summary": "RHBZ#2370118",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370118"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-35036",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-35036"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-35036",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-35036"
},
{
"category": "external",
"summary": "https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext",
"url": "https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext"
},
{
"category": "external",
"summary": "https://github.com/hibernate/hibernate-validator/commit/05f795bb7cf18856004f40e5042709e550ed0d6e",
"url": "https://github.com/hibernate/hibernate-validator/commit/05f795bb7cf18856004f40e5042709e550ed0d6e"
},
{
"category": "external",
"summary": "https://github.com/hibernate/hibernate-validator/commit/254858d9dcc4e7cd775d1b0f47f482218077c5e1",
"url": "https://github.com/hibernate/hibernate-validator/commit/254858d9dcc4e7cd775d1b0f47f482218077c5e1"
},
{
"category": "external",
"summary": "https://github.com/hibernate/hibernate-validator/commit/d2db40b9e7d22c7a0b44d7665242dfc7b4d14d78",
"url": "https://github.com/hibernate/hibernate-validator/commit/d2db40b9e7d22c7a0b44d7665242dfc7b4d14d78"
},
{
"category": "external",
"summary": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893",
"url": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"category": "external",
"summary": "https://github.com/hibernate/hibernate-validator/compare/6.1.7.Final...6.2.0.Final",
"url": "https://github.com/hibernate/hibernate-validator/compare/6.1.7.Final...6.2.0.Final"
},
{
"category": "external",
"summary": "https://github.com/hibernate/hibernate-validator/pull/1138",
"url": "https://github.com/hibernate/hibernate-validator/pull/1138"
},
{
"category": "external",
"summary": "https://hibernate.atlassian.net/browse/HV-1816",
"url": "https://hibernate.atlassian.net/browse/HV-1816"
},
{
"category": "external",
"summary": "https://hibernate.org/validator/documentation/migration-guide/#6-2-0-cr1",
"url": "https://hibernate.org/validator/documentation/migration-guide/#6-2-0-cr1"
},
{
"category": "external",
"summary": "https://in.relation.to/2021/01/06/hibernate-validator-700-62-final-released/#expression-language",
"url": "https://in.relation.to/2021/01/06/hibernate-validator-700-62-final-released/#expression-language"
},
{
"category": "external",
"summary": "https://labs.watchtowr.com/expression-payloads-meet-mayhem-cve-2025-4427-and-cve-2025-4428/",
"url": "https://labs.watchtowr.com/expression-payloads-meet-mayhem-cve-2025-4427-and-cve-2025-4428/"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-5245",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5245"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4428"
}
],
"release_date": "2025-06-03T19:27:42.900000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-14T15:56:17+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10925"
},
{
"category": "workaround",
"details": "Users who are unable to upgrade should manually disable Expression Language interpolation to prevent EL injection. If disabling is not feasible, carefully sanitize and validate any dynamic input before inclusion.",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "hibernate-validator: Hibernate Validator Expression Language Injection"
},
{
"cve": "CVE-2025-48734",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2025-05-28T14:00:56.619771+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2368956"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like getProperty() or getNestedProperty().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as important severity because a flaw exists in Apache Commons BeanUtils, where PropertyUtilsBean and BeanUtilsBean allow uncontrolled access to the declaredClass property of Java enum objects. Applications that pass untrusted property paths directly to getProperty() or getNestedProperty() methods are at risk, as attackers can exploit this behavior to retrieve the ClassLoader instance and execute arbitrary code in the context of the affected application. This issue leads to compromise of confidentiality, integrity, and availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48734"
},
{
"category": "external",
"summary": "RHBZ#2368956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9",
"url": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9"
},
{
"category": "external",
"summary": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc",
"url": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9",
"url": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/05/28/6",
"url": "https://www.openwall.com/lists/oss-security/2025/05/28/6"
}
],
"release_date": "2025-05-28T13:32:08.300000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-14T15:56:17+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10925"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-activemq-artemis-cli-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-commons-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-core-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-dto-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hornetq-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-hqclient-protocol-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jdbc-store-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-client-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-jms-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-journal-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-ra-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-selector-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-server-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-service-extensions-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-activemq-artemis-tools-0:2.16.0-21.redhat_00055.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-apache-cxf-rt-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-services-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-apache-cxf-tools-0:3.5.10-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-artemis-native-wildfly-1:1.0.2-5.redhat_00004.1.el8eap.x86_64",
"8Base-JBEAP-7.4:eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-hibernate-validator-cdi-0:6.0.23-3.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-common-spi-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-api-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-core-impl-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-deployers-common-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-jdbc-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-ironjacamar-validator-0:1.5.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-cli-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jboss-server-migration-core-0:1.10.0-42.Final_redhat_00042.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-undertow-server-0:1.9.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4:eap7-wildfly-elytron-tool-0:1.15.26-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk11-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk17-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-java-jdk8-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-javadocs-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4:eap7-wildfly-modules-0:7.4.23-3.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default"
}
]
}
rhsa-2025:10931
Vulnerability from csaf_redhat
Published
2025-07-14 16:21
Modified
2025-09-12 20:03
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.23 Security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.23 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.22, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.23 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-7.4.z] (CVE-2025-48734)
* commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-7.4.z] (CVE-2025-48734)
* commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-7.4.z] (CVE-2025-48734)
* hibernate-validator: Hibernate Validator Expression Language Injection [eap-7.4.z] (CVE-2025-35036)
* org.wildfly.core/wildfly-core-management-subsystem: Wildfly vulnerable to Cross-Site Scripting (XSS) [eap-7.4.z] (CVE-2024-10234)
* org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-7.4.z] (CVE-2025-23184)
* org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-7.4.z] (CVE-2025-2901)
* wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-7.4.z] (CVE-2025-2251)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.23 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.22, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.23 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-7.4.z] (CVE-2025-48734)\n\n* commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-7.4.z] (CVE-2025-48734)\n\n* commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-7.4.z] (CVE-2025-48734)\n\n* hibernate-validator: Hibernate Validator Expression Language Injection [eap-7.4.z] (CVE-2025-35036)\n\n* org.wildfly.core/wildfly-core-management-subsystem: Wildfly vulnerable to Cross-Site Scripting (XSS) [eap-7.4.z] (CVE-2024-10234)\n\n* org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-7.4.z] (CVE-2025-23184)\n\n* org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-7.4.z] (CVE-2025-2901)\n\n* wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-7.4.z] (CVE-2025-2251)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:10931",
"url": "https://access.redhat.com/errata/RHSA-2025:10931"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index"
},
{
"category": "external",
"summary": "2320848",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320848"
},
{
"category": "external",
"summary": "2339095",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339095"
},
{
"category": "external",
"summary": "2351678",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351678"
},
{
"category": "external",
"summary": "2355685",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355685"
},
{
"category": "external",
"summary": "2368956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
},
{
"category": "external",
"summary": "2370118",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370118"
},
{
"category": "external",
"summary": "JBEAP-28676",
"url": "https://issues.redhat.com/browse/JBEAP-28676"
},
{
"category": "external",
"summary": "JBEAP-28905",
"url": "https://issues.redhat.com/browse/JBEAP-28905"
},
{
"category": "external",
"summary": "JBEAP-29440",
"url": "https://issues.redhat.com/browse/JBEAP-29440"
},
{
"category": "external",
"summary": "JBEAP-29815",
"url": "https://issues.redhat.com/browse/JBEAP-29815"
},
{
"category": "external",
"summary": "JBEAP-29862",
"url": "https://issues.redhat.com/browse/JBEAP-29862"
},
{
"category": "external",
"summary": "JBEAP-29866",
"url": "https://issues.redhat.com/browse/JBEAP-29866"
},
{
"category": "external",
"summary": "JBEAP-29914",
"url": "https://issues.redhat.com/browse/JBEAP-29914"
},
{
"category": "external",
"summary": "JBEAP-29969",
"url": "https://issues.redhat.com/browse/JBEAP-29969"
},
{
"category": "external",
"summary": "JBEAP-30031",
"url": "https://issues.redhat.com/browse/JBEAP-30031"
},
{
"category": "external",
"summary": "JBEAP-30059",
"url": "https://issues.redhat.com/browse/JBEAP-30059"
},
{
"category": "external",
"summary": "JBEAP-30264",
"url": "https://issues.redhat.com/browse/JBEAP-30264"
},
{
"category": "external",
"summary": "JBEAP-30359",
"url": "https://issues.redhat.com/browse/JBEAP-30359"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_10931.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.23 Security update",
"tracking": {
"current_release_date": "2025-09-12T20:03:52+00:00",
"generator": {
"date": "2025-09-12T20:03:52+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.7"
}
},
"id": "RHSA-2025:10931",
"initial_release_date": "2025-07-14T16:21:20+00:00",
"revision_history": [
{
"date": "2025-07-14T16:21:20+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-07-14T16:21:20+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-12T20:03:52+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 7.4.23",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.4.23",
"product_id": "Red Hat JBoss Enterprise Application Platform 7.4.23",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-10234",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-10-22T01:46:48.739000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2320848"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: Wildfly vulnerable to Cross-Site Scripting (XSS)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7.4.23"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-10234"
},
{
"category": "external",
"summary": "RHBZ#2320848",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320848"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-10234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10234"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-10234",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10234"
}
],
"release_date": "2024-10-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-14T16:21:20+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7.4.23"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10931"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7.4.23"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: Wildfly vulnerable to Cross-Site Scripting (XSS)"
},
{
"acknowledgments": [
{
"names": [
"Pupi1"
]
}
],
"cve": "CVE-2025-2251",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2025-03-12T13:33:14.782000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2351678"
}
],
"notes": [
{
"category": "description",
"text": "A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7.4.23"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-2251"
},
{
"category": "external",
"summary": "RHBZ#2351678",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351678"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-2251",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2251"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-2251",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2251"
}
],
"release_date": "2025-04-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-14T16:21:20+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7.4.23"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10931"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7.4.23"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution"
},
{
"acknowledgments": [
{
"names": [
"\u0141ukasz Rupala"
],
"organization": "ING Hubs Poland"
}
],
"cve": "CVE-2025-2901",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2025-03-28T06:08:36.048000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2355685"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the JBoss EAP Management Console, where a stored Cross-site scripting vulnerability occurs when an application improperly sanitizes user input before storing it in a data store. When this stored data is later included in web pages without adequate sanitization, malicious scripts can execute in the context of users who view these pages, leading to potential data theft, session hijacking, or other malicious activities.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7.4.23"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-2901"
},
{
"category": "external",
"summary": "RHBZ#2355685",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355685"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-2901",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2901"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-2901",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2901"
}
],
"release_date": "2025-03-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-14T16:21:20+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7.4.23"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10931"
},
{
"category": "workaround",
"details": "Currently, no mitigation is available for this vulnerability.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7.4.23"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7.4.23"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console"
},
{
"cve": "CVE-2025-23184",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-01-21T10:00:44.959656+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339095"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache CXF. In some edge cases with large data stream caching, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system and trigger a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7.4.23"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23184"
},
{
"category": "external",
"summary": "RHBZ#2339095",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339095"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23184"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23184",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23184"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122",
"url": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122"
}
],
"release_date": "2025-01-21T09:35:37.468000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-14T16:21:20+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7.4.23"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10931"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7.4.23"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files"
},
{
"cve": "CVE-2025-35036",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2025-06-03T20:00:52.377542+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370118"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hibernate Validator. This vulnerability allows unauthorized access to sensitive information or the execution of arbitrary Java code by interpolating user-supplied input in a constraint violation message with an Expression Language.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hibernate-validator: Hibernate Validator Expression Language Injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Important rather than Moderate because it enables Expression Language (EL) injection through user-supplied input embedded in validation messages \u2014 effectively escalating a benign validation failure into a potential Remote Code Execution (RCE) vector. In environments where EL expressions have access to application internals, attackers can craft payloads that access sensitive Java objects, invoke arbitrary methods, or manipulate server-side logic. The fact that this behavior is triggered by the default configuration \u2014 without any explicit developer error \u2014 further amplifies the risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7.4.23"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-35036"
},
{
"category": "external",
"summary": "RHBZ#2370118",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370118"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-35036",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-35036"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-35036",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-35036"
},
{
"category": "external",
"summary": "https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext",
"url": "https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext"
},
{
"category": "external",
"summary": "https://github.com/hibernate/hibernate-validator/commit/05f795bb7cf18856004f40e5042709e550ed0d6e",
"url": "https://github.com/hibernate/hibernate-validator/commit/05f795bb7cf18856004f40e5042709e550ed0d6e"
},
{
"category": "external",
"summary": "https://github.com/hibernate/hibernate-validator/commit/254858d9dcc4e7cd775d1b0f47f482218077c5e1",
"url": "https://github.com/hibernate/hibernate-validator/commit/254858d9dcc4e7cd775d1b0f47f482218077c5e1"
},
{
"category": "external",
"summary": "https://github.com/hibernate/hibernate-validator/commit/d2db40b9e7d22c7a0b44d7665242dfc7b4d14d78",
"url": "https://github.com/hibernate/hibernate-validator/commit/d2db40b9e7d22c7a0b44d7665242dfc7b4d14d78"
},
{
"category": "external",
"summary": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893",
"url": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893"
},
{
"category": "external",
"summary": "https://github.com/hibernate/hibernate-validator/compare/6.1.7.Final...6.2.0.Final",
"url": "https://github.com/hibernate/hibernate-validator/compare/6.1.7.Final...6.2.0.Final"
},
{
"category": "external",
"summary": "https://github.com/hibernate/hibernate-validator/pull/1138",
"url": "https://github.com/hibernate/hibernate-validator/pull/1138"
},
{
"category": "external",
"summary": "https://hibernate.atlassian.net/browse/HV-1816",
"url": "https://hibernate.atlassian.net/browse/HV-1816"
},
{
"category": "external",
"summary": "https://hibernate.org/validator/documentation/migration-guide/#6-2-0-cr1",
"url": "https://hibernate.org/validator/documentation/migration-guide/#6-2-0-cr1"
},
{
"category": "external",
"summary": "https://in.relation.to/2021/01/06/hibernate-validator-700-62-final-released/#expression-language",
"url": "https://in.relation.to/2021/01/06/hibernate-validator-700-62-final-released/#expression-language"
},
{
"category": "external",
"summary": "https://labs.watchtowr.com/expression-payloads-meet-mayhem-cve-2025-4427-and-cve-2025-4428/",
"url": "https://labs.watchtowr.com/expression-payloads-meet-mayhem-cve-2025-4427-and-cve-2025-4428/"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-5245",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5245"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4428"
}
],
"release_date": "2025-06-03T19:27:42.900000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-14T16:21:20+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7.4.23"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10931"
},
{
"category": "workaround",
"details": "Users who are unable to upgrade should manually disable Expression Language interpolation to prevent EL injection. If disabling is not feasible, carefully sanitize and validate any dynamic input before inclusion.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7.4.23"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7.4.23"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "hibernate-validator: Hibernate Validator Expression Language Injection"
},
{
"cve": "CVE-2025-48734",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2025-05-28T14:00:56.619771+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2368956"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like getProperty() or getNestedProperty().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as important severity because a flaw exists in Apache Commons BeanUtils, where PropertyUtilsBean and BeanUtilsBean allow uncontrolled access to the declaredClass property of Java enum objects. Applications that pass untrusted property paths directly to getProperty() or getNestedProperty() methods are at risk, as attackers can exploit this behavior to retrieve the ClassLoader instance and execute arbitrary code in the context of the affected application. This issue leads to compromise of confidentiality, integrity, and availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7.4.23"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48734"
},
{
"category": "external",
"summary": "RHBZ#2368956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9",
"url": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9"
},
{
"category": "external",
"summary": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc",
"url": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9",
"url": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/05/28/6",
"url": "https://www.openwall.com/lists/oss-security/2025/05/28/6"
}
],
"release_date": "2025-05-28T13:32:08.300000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-14T16:21:20+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7.4.23"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10931"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7.4.23"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default"
}
]
}
ghsa-f7jh-m6wp-jm7f
Vulnerability from github
Published
2025-05-06 18:51
Modified
2025-05-06 18:51
Severity ?
VLAI Severity ?
Summary
HAL Cross Site Scripting (XSS) vulnerability of user input when storing it in a data store
Details
A flaw was found in the JBoss EAP Management Console, where a stored Cross-site scripting vulnerability occurs when an application improperly sanitizes user input before storing it in a data store. When this stored data is later included in web pages without adequate sanitization, malicious scripts can execute in the context of users who view these pages, leading to potential data theft, session hijacking, or other malicious activities.
Impact
Cross-site scripting (XSS) vulnerability in the management console.
Patches
Fixed in HAL 3.7.11.Final
Workarounds
No workaround available
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.jboss.hal:hal-console"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.7.11.Final"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-2901"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2025-05-06T18:51:27Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "A flaw was found in the JBoss EAP Management Console, where a stored Cross-site scripting vulnerability occurs when an application improperly sanitizes user input before storing it in a data store. When this stored data is later included in web pages without adequate sanitization, malicious scripts can execute in the context of users who view these pages, leading to potential data theft, session hijacking, or other malicious activities.\n\n### Impact\nCross-site scripting (XSS) vulnerability in the management console.\n\n### Patches\nFixed in [HAL 3.7.11.Final](https://github.com/hal/console/releases/tag/v3.7.11)\n\n### Workarounds\nNo workaround available",
"id": "GHSA-f7jh-m6wp-jm7f",
"modified": "2025-05-06T18:51:27Z",
"published": "2025-05-06T18:51:27Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/hal/console/security/advisories/GHSA-f7jh-m6wp-jm7f"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2901"
},
{
"type": "WEB",
"url": "https://github.com/hal/console/commit/216de3b8aa82ea92df10cc296d88c68467cf2c52"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-2901"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355685"
},
{
"type": "PACKAGE",
"url": "https://github.com/hal/console"
},
{
"type": "WEB",
"url": "https://github.com/hal/console/releases/tag/v3.7.11"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "HAL Cross Site Scripting (XSS) vulnerability of user input when storing it in a data store"
}
ghsa-hp88-hfjw-2hg4
Vulnerability from github
Published
2025-03-28 15:31
Modified
2025-05-06 18:51
Severity ?
VLAI Severity ?
Summary
Duplicate Advisory: HAL Cross Site Scripting (XSS) vulnerability of user input when storing it in a data store
Details
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-f7jh-m6wp-jm7f. This link is maintained to preserve external references.
Original Description
A flaw was found in the JBoss EAP Management Console, where a stored Cross-site scripting vulnerability occurs when an application improperly sanitizes user input before storing it in a data store. When this stored data is later included in web pages without adequate sanitization, malicious scripts can execute in the context of users who view these pages, leading to potential data theft, session hijacking, or other malicious activities.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.jboss.hal:hal-console"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.7.11.Final"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2025-05-06T18:51:17Z",
"nvd_published_at": "2025-03-28T14:15:22Z",
"severity": "MODERATE"
},
"details": "# Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-f7jh-m6wp-jm7f. This link is maintained to preserve external references.\n\n# Original Description\n\nA flaw was found in the JBoss EAP Management Console, where a stored Cross-site scripting vulnerability occurs when an application improperly sanitizes user input before storing it in a data store. When this stored data is later included in web pages without adequate sanitization, malicious scripts can execute in the context of users who view these pages, leading to potential data theft, session hijacking, or other malicious activities.",
"id": "GHSA-hp88-hfjw-2hg4",
"modified": "2025-05-06T18:51:17Z",
"published": "2025-03-28T15:31:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2901"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-2901"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355685"
},
{
"type": "PACKAGE",
"url": "https://github.com/hal/console"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Duplicate Advisory: HAL Cross Site Scripting (XSS) vulnerability of user input when storing it in a data store",
"withdrawn": "2025-05-06T18:51:17Z"
}
fkie_cve-2025-2901
Vulnerability from fkie_nvd
Published
2025-03-28 14:15
Modified
2025-06-20 12:15
Severity ?
Summary
Rejected reason: This vulnerability is redundant to CVE-2025-23366 and CVE-2024-10234.
References
| ▼ | URL | Tags |
|---|
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: This vulnerability is redundant to CVE-2025-23366 and CVE-2024-10234."
}
],
"id": "CVE-2025-2901",
"lastModified": "2025-06-20T12:15:21.010",
"metrics": {},
"published": "2025-03-28T14:15:22.020",
"references": [],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Rejected"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…