Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-4949 (GCVE-0-2025-4949)
Vulnerability from cvelistv5 – Published: 2025-05-21 06:47 – Updated: 2025-10-14 06:30
VLAI?
EPSS
Title
XXE vulnerability in Eclipse JGit
Summary
In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity (XXE) attacks when parsing XML files. This vulnerability can lead to information disclosure, denial of service, and other security issues.
Severity ?
CWE
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Eclipse JGit | Eclipse JGit |
Affected:
7.2.0 , < 7.2.1.202505142326-r
(osgi)
Affected: 7.1.0 , < 7.1.1.202505221757-r (osgi) Affected: 7.0.0 , < 7.0.1.202505221510-r (osgi) Affected: 0 , < 5.13.4.202507202350-r (osgi) Affected: 6.0.0 , < 6.10.1.202505221210-r (osgi) |
|||||||
|
|||||||||
Credits
Simon Gerst (intrigus-lgtm) https://intrigus.org
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4949",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T10:22:48.944398Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T10:24:58.815Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://projects.eclipse.org",
"defaultStatus": "unaffected",
"product": "Eclipse JGit",
"repo": "https://github.com/eclipse-jgit/jgit",
"vendor": "Eclipse JGit",
"versions": [
{
"lessThan": "7.2.1.202505142326-r",
"status": "affected",
"version": "7.2.0",
"versionType": "osgi"
},
{
"lessThan": "7.1.1.202505221757-r",
"status": "affected",
"version": "7.1.0",
"versionType": "osgi"
},
{
"lessThan": "7.0.1.202505221510-r",
"status": "affected",
"version": "7.0.0",
"versionType": "osgi"
},
{
"lessThan": "5.13.4.202507202350-r",
"status": "affected",
"version": "0",
"versionType": "osgi"
},
{
"lessThan": "6.10.1.202505221210-r",
"status": "affected",
"version": "6.0.0",
"versionType": "osgi"
}
]
},
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "pkg:maven/org.eclipse.jgit/org.eclipse.jgit",
"product": "Eclipse JGit",
"repo": "https://github.com/eclipse-jgit/jgit",
"vendor": "Eclipse JGit",
"versions": [
{
"lessThan": "7.2.1.202505142326-r",
"status": "affected",
"version": "7.2.0",
"versionType": "osgi"
},
{
"lessThan": "7.1.1.202505221757-r",
"status": "affected",
"version": "7.1.0",
"versionType": "osgi"
},
{
"lessThan": "7.0.1.202505221510-r",
"status": "affected",
"version": "7.0.0",
"versionType": "osgi"
},
{
"lessThan": "5.13.4.202507202350-r",
"status": "affected",
"version": "0",
"versionType": "osgi"
},
{
"lessThan": "6.10.1.202505221210-r",
"status": "affected",
"version": "6.0.0",
"versionType": "osgi"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Simon Gerst (intrigus-lgtm) https://intrigus.org"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Eclipse JGit versions 7.2.0.202503040940-r and older, the \u003ccode\u003eManifestParser\u003c/code\u003e class used by the \u003ccode\u003erepo\u003c/code\u003e command and the \u003ccode\u003eAmazonS3\u003c/code\u003e class used to implement the experimental \u003ccode\u003eamazons3\u003c/code\u003e git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity (XXE) attacks when parsing XML files. This vulnerability can lead to information disclosure, denial of service, and other security issues."
}
],
"value": "In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity (XXE) attacks when parsing XML files. This vulnerability can lead to information disclosure, denial of service, and other security issues."
}
],
"impacts": [
{
"capecId": "CAPEC-201",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-201 Serialized Data External Linking"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/S:N/AU:Y/R:U/V:D/RE:L/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL."
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-827",
"description": "CWE-827 Improper Control of Document Type Definition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T06:30:04.660Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1"
},
{
"tags": [
"release-notes"
],
"url": "https://projects.eclipse.org/projects/technology.jgit/releases/7.1.1"
},
{
"tags": [
"release-notes"
],
"url": "https://projects.eclipse.org/projects/technology.jgit/releases/7.0.1"
},
{
"tags": [
"release-notes"
],
"url": "https://projects.eclipse.org/projects/technology.jgit/releases/6.10.1"
},
{
"tags": [
"issue-tracking"
],
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281"
},
{
"tags": [
"issue-tracking"
],
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64"
},
{
"tags": [
"release-notes"
],
"url": "https://projects.eclipse.org/projects/technology.jgit/releases/5.13.4"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "XXE vulnerability in Eclipse JGit",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2025-4949",
"datePublished": "2025-05-21T06:47:19.777Z",
"dateReserved": "2025-05-19T07:02:22.381Z",
"dateUpdated": "2025-10-14T06:30:04.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-4949\",\"sourceIdentifier\":\"emo@eclipse.org\",\"published\":\"2025-05-21T07:16:01.397\",\"lastModified\":\"2026-01-05T18:11:59.027\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity (XXE) attacks when parsing XML files. This vulnerability can lead to information disclosure, denial of service, and other security issues.\"},{\"lang\":\"es\",\"value\":\"En las versiones 7.2.0.202503040940-r y anteriores de Eclipse JGit, la clase ManifestParser, utilizada por el comando repo, y la clase AmazonS3, utilizada para implementar el protocolo experimental de transporte de Git amazons3, que permite almacenar archivos de paquetes de Git en un bucket de Amazon S3, son vulnerables a ataques de Entidad Externa XML (XXE) al analizar archivos XML. Esta vulnerabilidad puede provocar divulgaci\u00f3n de informaci\u00f3n, denegaci\u00f3n de servicio y otros problemas de seguridad.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"emo@eclipse.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:D/RE:L/U:Green\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"ACTIVE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NEGLIGIBLE\",\"Automatable\":\"YES\",\"Recovery\":\"USER\",\"valueDensity\":\"DIFFUSE\",\"vulnerabilityResponseEffort\":\"LOW\",\"providerUrgency\":\"GREEN\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"emo@eclipse.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-611\"},{\"lang\":\"en\",\"value\":\"CWE-827\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-611\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jgit:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.13.4\",\"matchCriteriaId\":\"AA83AF58-95B9-4502-B31D-E4FDE3AE38B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jgit:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndExcluding\":\"6.10.1.202505221210\",\"matchCriteriaId\":\"564D2570-3C49-420B-A01D-0803E7EFD1CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jgit:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndExcluding\":\"7.0.1.202505221510\",\"matchCriteriaId\":\"3FEEF05C-0772-4BAF-A4AB-A87CFE32121C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jgit:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.1.0\",\"versionEndExcluding\":\"7.1.1.202505221757\",\"matchCriteriaId\":\"B5B0B7A0-8785-4C21-96F8-98EDD7A23D50\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jgit:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.2.0\",\"versionEndExcluding\":\"7.2.1.202505142326\",\"matchCriteriaId\":\"5D70B5F8-067E-434D-8EC5-33301A264288\"}]}]}],\"references\":[{\"url\":\"https://gitlab.eclipse.org/security/cve-assignement/-/issues/64\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://projects.eclipse.org/projects/technology.jgit/releases/5.13.4\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://projects.eclipse.org/projects/technology.jgit/releases/6.10.1\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://projects.eclipse.org/projects/technology.jgit/releases/7.0.1\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://projects.eclipse.org/projects/technology.jgit/releases/7.1.1\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Issue Tracking\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-4949\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-21T10:22:48.944398Z\"}}}], \"references\": [{\"url\": \"https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-21T10:24:46.428Z\"}}], \"cna\": {\"title\": \"XXE vulnerability in Eclipse JGit\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Simon Gerst (intrigus-lgtm) https://intrigus.org\"}], \"impacts\": [{\"capecId\": \"CAPEC-201\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-201 Serialized Data External Linking\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NEGLIGIBLE\", \"version\": \"4.0\", \"Recovery\": \"USER\", \"baseScore\": 6.8, \"Automatable\": \"YES\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"DIFFUSE\", \"vectorString\": \"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/S:N/AU:Y/R:U/V:D/RE:L/U:Green\", \"providerUrgency\": \"GREEN\", \"userInteraction\": \"ACTIVE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL.\"}]}], \"affected\": [{\"repo\": \"https://github.com/eclipse-jgit/jgit\", \"vendor\": \"Eclipse JGit\", \"product\": \"Eclipse JGit\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.2.0\", \"lessThan\": \"7.2.1.202505142326-r\", \"versionType\": \"osgi\"}, {\"status\": \"affected\", \"version\": \"7.1.0\", \"lessThan\": \"7.1.1.202505221757-r\", \"versionType\": \"osgi\"}, {\"status\": \"affected\", \"version\": \"7.0.0\", \"lessThan\": \"7.0.1.202505221510-r\", \"versionType\": \"osgi\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.13.4.202507202350-r\", \"versionType\": \"osgi\"}, {\"status\": \"affected\", \"version\": \"6.0.0\", \"lessThan\": \"6.10.1.202505221210-r\", \"versionType\": \"osgi\"}], \"collectionURL\": \"https://projects.eclipse.org\", \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://github.com/eclipse-jgit/jgit\", \"vendor\": \"Eclipse JGit\", \"product\": \"Eclipse JGit\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.2.0\", \"lessThan\": \"7.2.1.202505142326-r\", \"versionType\": \"osgi\"}, {\"status\": \"affected\", \"version\": \"7.1.0\", \"lessThan\": \"7.1.1.202505221757-r\", \"versionType\": \"osgi\"}, {\"status\": \"affected\", \"version\": \"7.0.0\", \"lessThan\": \"7.0.1.202505221510-r\", \"versionType\": \"osgi\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.13.4.202507202350-r\", \"versionType\": \"osgi\"}, {\"status\": \"affected\", \"version\": \"6.0.0\", \"lessThan\": \"6.10.1.202505221210-r\", \"versionType\": \"osgi\"}], \"packageName\": \"pkg:maven/org.eclipse.jgit/org.eclipse.jgit\", \"collectionURL\": \"https://repo.maven.apache.org/maven2\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1\", \"tags\": [\"release-notes\"]}, {\"url\": \"https://projects.eclipse.org/projects/technology.jgit/releases/7.1.1\", \"tags\": [\"release-notes\"]}, {\"url\": \"https://projects.eclipse.org/projects/technology.jgit/releases/7.0.1\", \"tags\": [\"release-notes\"]}, {\"url\": \"https://projects.eclipse.org/projects/technology.jgit/releases/6.10.1\", \"tags\": [\"release-notes\"]}, {\"url\": \"https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://gitlab.eclipse.org/security/cve-assignement/-/issues/64\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://projects.eclipse.org/projects/technology.jgit/releases/5.13.4\", \"tags\": [\"release-notes\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity (XXE) attacks when parsing XML files. This vulnerability can lead to information disclosure, denial of service, and other security issues.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"In Eclipse JGit versions 7.2.0.202503040940-r and older, the \u003ccode\u003eManifestParser\u003c/code\u003e class used by the \u003ccode\u003erepo\u003c/code\u003e command and the \u003ccode\u003eAmazonS3\u003c/code\u003e class used to implement the experimental \u003ccode\u003eamazons3\u003c/code\u003e git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity (XXE) attacks when parsing XML files. This vulnerability can lead to information disclosure, denial of service, and other security issues.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-611\", \"description\": \"CWE-611 Improper Restriction of XML External Entity Reference\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-827\", \"description\": \"CWE-827 Improper Control of Document Type Definition\"}]}], \"providerMetadata\": {\"orgId\": \"e51fbebd-6053-4e49-959f-1b94eeb69a2c\", \"shortName\": \"eclipse\", \"dateUpdated\": \"2025-10-14T06:30:04.660Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-4949\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-14T06:30:04.660Z\", \"dateReserved\": \"2025-05-19T07:02:22.381Z\", \"assignerOrgId\": \"e51fbebd-6053-4e49-959f-1b94eeb69a2c\", \"datePublished\": \"2025-05-21T06:47:19.777Z\", \"assignerShortName\": \"eclipse\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
RHSA-2025:23490
Vulnerability from csaf_redhat - Published: 2025-12-17 13:43 - Updated: 2026-03-18 16:08Summary
Red Hat Security Advisory: Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.16 security update.
Notes
Topic
An update for Openshift Jenkins is now available for Red Hat OpenShift Developer Tools - OpenShift Jenkins 4.16.
Details
Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.16 security update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Openshift Jenkins is now available for Red Hat OpenShift Developer Tools - OpenShift Jenkins 4.16.",
"title": "Topic"
},
{
"category": "general",
"text": "Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.16 security update.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23490",
"url": "https://access.redhat.com/errata/RHSA-2025:23490"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-4949",
"url": "https://access.redhat.com/security/cve/CVE-2025-4949"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-67635",
"url": "https://access.redhat.com/security/cve/CVE-2025-67635"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23490.json"
}
],
"title": "Red Hat Security Advisory: Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.16 security update.",
"tracking": {
"current_release_date": "2026-03-18T16:08:36+00:00",
"generator": {
"date": "2026-03-18T16:08:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2025:23490",
"initial_release_date": "2025-12-17T13:43:38+00:00",
"revision_history": [
{
"date": "2025-12-17T13:43:38+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-17T13:43:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T16:08:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services 4.16",
"product": {
"name": "OpenShift Developer Tools and Services 4.16",
"product_id": "OpenShift Developer Tools and Services 4.16",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.16::el9"
}
}
}
],
"category": "product_family",
"name": "OpenShift Developer Tools and Services"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-agent-base-rhel9@sha256%3A9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7?arch=amd64\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.16.0-1765868580"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-rhel9@sha256%3A824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb?arch=amd64\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.16.0-1765868606"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-agent-base-rhel9@sha256%3A12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e?arch=arm64\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.16.0-1765868580"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-rhel9@sha256%3Ac19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b?arch=arm64\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.16.0-1765868606"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-agent-base-rhel9@sha256%3A50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c?arch=ppc64le\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.16.0-1765868580"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-rhel9@sha256%3A60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed?arch=ppc64le\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.16.0-1765868606"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-agent-base-rhel9@sha256%3A7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241?arch=s390x\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.16.0-1765868580"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-rhel9@sha256%3A639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad?arch=s390x\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.16.0-1765868606"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64 as a component of OpenShift Developer Tools and Services 4.16",
"product_id": "OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le as a component of OpenShift Developer Tools and Services 4.16",
"product_id": "OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x as a component of OpenShift Developer Tools and Services 4.16",
"product_id": "OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64 as a component of OpenShift Developer Tools and Services 4.16",
"product_id": "OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le as a component of OpenShift Developer Tools and Services 4.16",
"product_id": "OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x as a component of OpenShift Developer Tools and Services 4.16",
"product_id": "OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64 as a component of OpenShift Developer Tools and Services 4.16",
"product_id": "OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64 as a component of OpenShift Developer Tools and Services 4.16",
"product_id": "OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.16"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4949",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2025-05-21T07:00:48.762597+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2367730"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse JGit. This vulnerability can allow information disclosure, denial of service, and other security issues when parsing XML files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.eclipse.jgit: XXE vulnerability in Eclipse JGit",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. A flaw in Eclipse JGit allows for XML External Entity (XXE) attacks when parsing specially crafted XML files. This can lead to local denial of service in affected Red Hat products that utilize JGit\u0027s ManifestParser or AmazonS3 class for git transport. The current 9.8 rating by NVD assumes a default, server-side exploitation path. However, the vulnerability resides in the experimental AmazonS3 transport class within Eclipse JGit, which is not enabled by default and requires non-standard configuration (Attack Complexity: High). Furthermore, exploitation typically occurs via client-side tools (e.g., repo) requiring active user participation (User Interaction: Required), limiting the primary risk to local Denial of Service rather than remote, unauthenticated compromise (Availability: High).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64"
],
"known_not_affected": [
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4949"
},
{
"category": "external",
"summary": "RHBZ#2367730",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367730"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4949",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4949"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4949",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4949"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281",
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281"
},
{
"category": "external",
"summary": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1",
"url": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1"
}
],
"release_date": "2025-05-21T06:47:19.777000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T13:43:38+00:00",
"details": "It is recommended that existing users of Red Hat OpenShift Developer Tools - OpenShift Jenkins 4.16 upgrade to the latest. This update includes a newer OpenShift client (oc) version bundled in the image. If your Jenkins pipelines require a specific oc version, configure it explicitly using the Jenkins pipeline tools directive.",
"product_ids": [
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23490"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64",
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.eclipse.jgit: XXE vulnerability in Eclipse JGit"
},
{
"cve": "CVE-2025-67635",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"discovery_date": "2025-12-10T17:01:24.450765+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2420998"
}
],
"notes": [
{
"category": "description",
"text": "Jenkins does not properly close HTTP-based CLI connections when the connection stream becomes corrupted, allowing unauthenticated attackers to cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.jenkins-ci.main/jenkins-core: Jenkins HTTP connection mis-handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64"
],
"known_not_affected": [
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-67635"
},
{
"category": "external",
"summary": "RHBZ#2420998",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420998"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-67635",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-67635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67635"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2025-12-10/#SECURITY-3630",
"url": "https://www.jenkins.io/security/advisory/2025-12-10/#SECURITY-3630"
}
],
"release_date": "2025-12-10T16:50:35.491000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T13:43:38+00:00",
"details": "It is recommended that existing users of Red Hat OpenShift Developer Tools - OpenShift Jenkins 4.16 upgrade to the latest. This update includes a newer OpenShift client (oc) version bundled in the image. If your Jenkins pipelines require a specific oc version, configure it explicitly using the Jenkins pipeline tools directive.",
"product_ids": [
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23490"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64",
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64",
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"OpenShift Developer Tools and Services 4.16:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.jenkins-ci.main/jenkins-core: Jenkins HTTP connection mis-handling"
}
]
}
RHSA-2025:23492
Vulnerability from csaf_redhat - Published: 2025-12-17 13:43 - Updated: 2026-03-18 16:08Summary
Red Hat Security Advisory: Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.18 security update.
Notes
Topic
An update for Openshift Jenkins is now available for Red Hat OpenShift Developer Tools - OpenShift Jenkins 4.18.
Details
Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.18 security update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Openshift Jenkins is now available for Red Hat OpenShift Developer Tools - OpenShift Jenkins 4.18.",
"title": "Topic"
},
{
"category": "general",
"text": "Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.18 security update.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23492",
"url": "https://access.redhat.com/errata/RHSA-2025:23492"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-4949",
"url": "https://access.redhat.com/security/cve/CVE-2025-4949"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-67635",
"url": "https://access.redhat.com/security/cve/CVE-2025-67635"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23492.json"
}
],
"title": "Red Hat Security Advisory: Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.18 security update.",
"tracking": {
"current_release_date": "2026-03-18T16:08:36+00:00",
"generator": {
"date": "2026-03-18T16:08:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2025:23492",
"initial_release_date": "2025-12-17T13:43:48+00:00",
"revision_history": [
{
"date": "2025-12-17T13:43:48+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-17T13:43:57+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T16:08:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services 4.18",
"product": {
"name": "OpenShift Developer Tools and Services 4.18",
"product_id": "OpenShift Developer Tools and Services 4.18",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.18::el9"
}
}
}
],
"category": "product_family",
"name": "OpenShift Developer Tools and Services"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-agent-base-rhel9@sha256%3A9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7?arch=amd64\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.18.0-1765868580"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-rhel9@sha256%3A824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb?arch=amd64\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.18.0-1765868606"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-agent-base-rhel9@sha256%3A12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e?arch=arm64\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.18.0-1765868580"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-rhel9@sha256%3Ac19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b?arch=arm64\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.18.0-1765868606"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-agent-base-rhel9@sha256%3A50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c?arch=ppc64le\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.18.0-1765868580"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-rhel9@sha256%3A60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed?arch=ppc64le\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.18.0-1765868606"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-agent-base-rhel9@sha256%3A7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241?arch=s390x\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.18.0-1765868580"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-rhel9@sha256%3A639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad?arch=s390x\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.18.0-1765868606"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64 as a component of OpenShift Developer Tools and Services 4.18",
"product_id": "OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le as a component of OpenShift Developer Tools and Services 4.18",
"product_id": "OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x as a component of OpenShift Developer Tools and Services 4.18",
"product_id": "OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64 as a component of OpenShift Developer Tools and Services 4.18",
"product_id": "OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le as a component of OpenShift Developer Tools and Services 4.18",
"product_id": "OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x as a component of OpenShift Developer Tools and Services 4.18",
"product_id": "OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64 as a component of OpenShift Developer Tools and Services 4.18",
"product_id": "OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64 as a component of OpenShift Developer Tools and Services 4.18",
"product_id": "OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.18"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4949",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2025-05-21T07:00:48.762597+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2367730"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse JGit. This vulnerability can allow information disclosure, denial of service, and other security issues when parsing XML files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.eclipse.jgit: XXE vulnerability in Eclipse JGit",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. A flaw in Eclipse JGit allows for XML External Entity (XXE) attacks when parsing specially crafted XML files. This can lead to local denial of service in affected Red Hat products that utilize JGit\u0027s ManifestParser or AmazonS3 class for git transport. The current 9.8 rating by NVD assumes a default, server-side exploitation path. However, the vulnerability resides in the experimental AmazonS3 transport class within Eclipse JGit, which is not enabled by default and requires non-standard configuration (Attack Complexity: High). Furthermore, exploitation typically occurs via client-side tools (e.g., repo) requiring active user participation (User Interaction: Required), limiting the primary risk to local Denial of Service rather than remote, unauthenticated compromise (Availability: High).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64"
],
"known_not_affected": [
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4949"
},
{
"category": "external",
"summary": "RHBZ#2367730",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367730"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4949",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4949"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4949",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4949"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281",
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281"
},
{
"category": "external",
"summary": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1",
"url": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1"
}
],
"release_date": "2025-05-21T06:47:19.777000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T13:43:48+00:00",
"details": "It is recommended that existing users of Red Hat OpenShift Developer Tools - OpenShift Jenkins 4.18 upgrade to the latest. This update includes a newer OpenShift client (oc) version bundled in the image. If your Jenkins pipelines require a specific oc version, configure it explicitly using the Jenkins pipeline tools directive.",
"product_ids": [
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23492"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64",
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.eclipse.jgit: XXE vulnerability in Eclipse JGit"
},
{
"cve": "CVE-2025-67635",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"discovery_date": "2025-12-10T17:01:24.450765+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2420998"
}
],
"notes": [
{
"category": "description",
"text": "Jenkins does not properly close HTTP-based CLI connections when the connection stream becomes corrupted, allowing unauthenticated attackers to cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.jenkins-ci.main/jenkins-core: Jenkins HTTP connection mis-handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64"
],
"known_not_affected": [
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-67635"
},
{
"category": "external",
"summary": "RHBZ#2420998",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420998"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-67635",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-67635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67635"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2025-12-10/#SECURITY-3630",
"url": "https://www.jenkins.io/security/advisory/2025-12-10/#SECURITY-3630"
}
],
"release_date": "2025-12-10T16:50:35.491000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T13:43:48+00:00",
"details": "It is recommended that existing users of Red Hat OpenShift Developer Tools - OpenShift Jenkins 4.18 upgrade to the latest. This update includes a newer OpenShift client (oc) version bundled in the image. If your Jenkins pipelines require a specific oc version, configure it explicitly using the Jenkins pipeline tools directive.",
"product_ids": [
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23492"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64",
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64",
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"OpenShift Developer Tools and Services 4.18:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.jenkins-ci.main/jenkins-core: Jenkins HTTP connection mis-handling"
}
]
}
RHSA-2025:23491
Vulnerability from csaf_redhat - Published: 2025-12-17 13:43 - Updated: 2026-03-18 16:08Summary
Red Hat Security Advisory: Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.20 security update.
Notes
Topic
An update for Openshift Jenkins is now available for Red Hat OpenShift Developer Tools - OpenShift Jenkins 4.20.
Details
Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.20 security update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Openshift Jenkins is now available for Red Hat OpenShift Developer Tools - OpenShift Jenkins 4.20.",
"title": "Topic"
},
{
"category": "general",
"text": "Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.20 security update.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23491",
"url": "https://access.redhat.com/errata/RHSA-2025:23491"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-4949",
"url": "https://access.redhat.com/security/cve/CVE-2025-4949"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-67635",
"url": "https://access.redhat.com/security/cve/CVE-2025-67635"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23491.json"
}
],
"title": "Red Hat Security Advisory: Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.20 security update.",
"tracking": {
"current_release_date": "2026-03-18T16:08:36+00:00",
"generator": {
"date": "2026-03-18T16:08:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2025:23491",
"initial_release_date": "2025-12-17T13:43:49+00:00",
"revision_history": [
{
"date": "2025-12-17T13:43:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-17T13:43:50+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T16:08:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services 4.2",
"product": {
"name": "OpenShift Developer Tools and Services 4.2",
"product_id": "OpenShift Developer Tools and Services 4.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.20::el9"
}
}
}
],
"category": "product_family",
"name": "OpenShift Developer Tools and Services"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-agent-base-rhel9@sha256%3A9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7?arch=amd64\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.20.0-1765868580"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-rhel9@sha256%3A824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb?arch=amd64\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.20.0-1765868606"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-agent-base-rhel9@sha256%3A12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e?arch=arm64\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.20.0-1765868580"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-rhel9@sha256%3Ac19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b?arch=arm64\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.20.0-1765868606"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-agent-base-rhel9@sha256%3A50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c?arch=ppc64le\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.20.0-1765868580"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-rhel9@sha256%3A60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed?arch=ppc64le\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.20.0-1765868606"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-agent-base-rhel9@sha256%3A7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241?arch=s390x\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.20.0-1765868580"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-rhel9@sha256%3A639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad?arch=s390x\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.20.0-1765868606"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64 as a component of OpenShift Developer Tools and Services 4.2",
"product_id": "OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le as a component of OpenShift Developer Tools and Services 4.2",
"product_id": "OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x as a component of OpenShift Developer Tools and Services 4.2",
"product_id": "OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64 as a component of OpenShift Developer Tools and Services 4.2",
"product_id": "OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le as a component of OpenShift Developer Tools and Services 4.2",
"product_id": "OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x as a component of OpenShift Developer Tools and Services 4.2",
"product_id": "OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64 as a component of OpenShift Developer Tools and Services 4.2",
"product_id": "OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64 as a component of OpenShift Developer Tools and Services 4.2",
"product_id": "OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4949",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2025-05-21T07:00:48.762597+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2367730"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse JGit. This vulnerability can allow information disclosure, denial of service, and other security issues when parsing XML files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.eclipse.jgit: XXE vulnerability in Eclipse JGit",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. A flaw in Eclipse JGit allows for XML External Entity (XXE) attacks when parsing specially crafted XML files. This can lead to local denial of service in affected Red Hat products that utilize JGit\u0027s ManifestParser or AmazonS3 class for git transport. The current 9.8 rating by NVD assumes a default, server-side exploitation path. However, the vulnerability resides in the experimental AmazonS3 transport class within Eclipse JGit, which is not enabled by default and requires non-standard configuration (Attack Complexity: High). Furthermore, exploitation typically occurs via client-side tools (e.g., repo) requiring active user participation (User Interaction: Required), limiting the primary risk to local Denial of Service rather than remote, unauthenticated compromise (Availability: High).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64"
],
"known_not_affected": [
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4949"
},
{
"category": "external",
"summary": "RHBZ#2367730",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367730"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4949",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4949"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4949",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4949"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281",
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281"
},
{
"category": "external",
"summary": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1",
"url": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1"
}
],
"release_date": "2025-05-21T06:47:19.777000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T13:43:49+00:00",
"details": "It is recommended that existing users of Red Hat OpenShift Developer Tools - OpenShift Jenkins 4.20 upgrade to the latest. This update includes a newer OpenShift client (oc) version bundled in the image. If your Jenkins pipelines require a specific oc version, configure it explicitly using the Jenkins pipeline tools directive.",
"product_ids": [
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23491"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64",
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.eclipse.jgit: XXE vulnerability in Eclipse JGit"
},
{
"cve": "CVE-2025-67635",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"discovery_date": "2025-12-10T17:01:24.450765+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2420998"
}
],
"notes": [
{
"category": "description",
"text": "Jenkins does not properly close HTTP-based CLI connections when the connection stream becomes corrupted, allowing unauthenticated attackers to cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.jenkins-ci.main/jenkins-core: Jenkins HTTP connection mis-handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64"
],
"known_not_affected": [
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-67635"
},
{
"category": "external",
"summary": "RHBZ#2420998",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420998"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-67635",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-67635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67635"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2025-12-10/#SECURITY-3630",
"url": "https://www.jenkins.io/security/advisory/2025-12-10/#SECURITY-3630"
}
],
"release_date": "2025-12-10T16:50:35.491000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T13:43:49+00:00",
"details": "It is recommended that existing users of Red Hat OpenShift Developer Tools - OpenShift Jenkins 4.20 upgrade to the latest. This update includes a newer OpenShift client (oc) version bundled in the image. If your Jenkins pipelines require a specific oc version, configure it explicitly using the Jenkins pipeline tools directive.",
"product_ids": [
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23491"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64",
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64",
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"OpenShift Developer Tools and Services 4.2:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.jenkins-ci.main/jenkins-core: Jenkins HTTP connection mis-handling"
}
]
}
RHSA-2026:4924
Vulnerability from csaf_redhat - Published: 2026-03-18 13:54 - Updated: 2026-03-18 16:09Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.24 security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.24 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.23, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.24 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* jackson-core: jackson-core Potential StackoverflowError (CVE-2025-52999)
* undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF [eap-7.4.z] (CVE-2025-12543)
* cxf: CXF JMS Code Execution Vulnerability [eap-7.4.z] (CVE-2025-48913)
* netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability (CVE-2025-55163)
* org.eclipse.jgit: XXE vulnerability in Eclipse JGit [eap-7.4.z] (CVE-2025-4949)
* hibernate-core: Hibernate: Information disclosure and data deletion via second-order SQL injection [eap-7.4.z] (CVE-2026-0603)
* com.google.protobuf/protobuf-java: StackOverflow vulnerability in Protocol Buffers (CVE-2024-7254)
* undertow: OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded [eap-7.4.z] (CVE-2024-3884)
* undertow-core: Undertow MadeYouReset HTTP/2 DDoS Vulnerability (CVE-2025-9784)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.24 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.23, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.24 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jackson-core: jackson-core Potential StackoverflowError (CVE-2025-52999)\n\n* undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF [eap-7.4.z] (CVE-2025-12543)\n\n* cxf: CXF JMS Code Execution Vulnerability [eap-7.4.z] (CVE-2025-48913)\n\n* netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability (CVE-2025-55163)\n\n* org.eclipse.jgit: XXE vulnerability in Eclipse JGit [eap-7.4.z] (CVE-2025-4949)\n\n* hibernate-core: Hibernate: Information disclosure and data deletion via second-order SQL injection [eap-7.4.z] (CVE-2026-0603)\n\n* com.google.protobuf/protobuf-java: StackOverflow vulnerability in Protocol Buffers (CVE-2024-7254)\n\n* undertow: OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded [eap-7.4.z] (CVE-2024-3884)\n\n* undertow-core: Undertow MadeYouReset HTTP/2 DDoS Vulnerability (CVE-2025-9784)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:4924",
"url": "https://access.redhat.com/errata/RHSA-2026:4924"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index"
},
{
"category": "external",
"summary": "2275287",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275287"
},
{
"category": "external",
"summary": "2313454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313454"
},
{
"category": "external",
"summary": "2367730",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367730"
},
{
"category": "external",
"summary": "2374804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374804"
},
{
"category": "external",
"summary": "2387221",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387221"
},
{
"category": "external",
"summary": "2388252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388252"
},
{
"category": "external",
"summary": "2392306",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392306"
},
{
"category": "external",
"summary": "2408784",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408784"
},
{
"category": "external",
"summary": "2427147",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427147"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_4924.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.24 security update",
"tracking": {
"current_release_date": "2026-03-18T16:09:33+00:00",
"generator": {
"date": "2026-03-18T16:09:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2026:4924",
"initial_release_date": "2026-03-18T13:54:46+00:00",
"revision_history": [
{
"date": "2026-03-18T13:54:46+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-18T13:54:46+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T16:09:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 7.4",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.4",
"product_id": "Red Hat JBoss Enterprise Application Platform 7.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-3884",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-04-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2275287"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows unauthorized users to cause a remote denial of service (DoS) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this as a Moderate impact since this requires the use of a specific form method by the server that must be externally available and the input is not sanitized by the given servlet or class implementing its use.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-3884"
},
{
"category": "external",
"summary": "RHBZ#2275287",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275287"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-3884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3884"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-3884",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3884"
}
],
"release_date": "2025-12-03T16:50:50+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T13:54:46+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4924"
},
{
"category": "workaround",
"details": "It is possible to mitigate the vulnerability by performing an upper-level verification to ensure the content size sent server side is within the allowed parameters.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded"
},
{
"cve": "CVE-2024-7254",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-09-19T01:20:29.981665+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2313454"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Protocol Buffers (protobuf). This issue can allows an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "protobuf: StackOverflow vulnerability in Protocol Buffers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue represents a significant severity risk because unbounded recursion in Protocol Buffers parsing can be exploited to trigger stack overflows, leading to Denial of Service (DoS). When parsers, such as `DiscardUnknownFieldsParser` or the Java Protobuf Lite parser, encounter arbitrarily nested groups or deeply recursive map fields, the lack of recursion depth limits can result in uncontrolled stack growth. Attackers can craft malicious protobuf messages that deliberately exceed the stack\u0027s capacity, causing the application to crash or become unresponsive.\n\nThe protobuf package as shipped in RHEL does not include the affected java or kotlin bindings, therefore RHEL is Not Affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-7254"
},
{
"category": "external",
"summary": "RHBZ#2313454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313454"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-7254",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7254"
},
{
"category": "external",
"summary": "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa",
"url": "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa"
}
],
"release_date": "2024-09-19T01:15:10.963000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T13:54:46+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4924"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "protobuf: StackOverflow vulnerability in Protocol Buffers"
},
{
"cve": "CVE-2025-4949",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2025-05-21T07:00:48.762597+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2367730"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse JGit. This vulnerability can allow information disclosure, denial of service, and other security issues when parsing XML files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.eclipse.jgit: XXE vulnerability in Eclipse JGit",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. A flaw in Eclipse JGit allows for XML External Entity (XXE) attacks when parsing specially crafted XML files. This can lead to local denial of service in affected Red Hat products that utilize JGit\u0027s ManifestParser or AmazonS3 class for git transport. The current 9.8 rating by NVD assumes a default, server-side exploitation path. However, the vulnerability resides in the experimental AmazonS3 transport class within Eclipse JGit, which is not enabled by default and requires non-standard configuration (Attack Complexity: High). Furthermore, exploitation typically occurs via client-side tools (e.g., repo) requiring active user participation (User Interaction: Required), limiting the primary risk to local Denial of Service rather than remote, unauthenticated compromise (Availability: High).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4949"
},
{
"category": "external",
"summary": "RHBZ#2367730",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367730"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4949",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4949"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4949",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4949"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281",
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281"
},
{
"category": "external",
"summary": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1",
"url": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1"
}
],
"release_date": "2025-05-21T06:47:19.777000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T13:54:46+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4924"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.eclipse.jgit: XXE vulnerability in Eclipse JGit"
},
{
"cve": "CVE-2025-9784",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-01T06:19:20.938000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392306"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Undertow MadeYouReset HTTP/2 DDoS Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a Denial of Service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation, which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9784"
},
{
"category": "external",
"summary": "RHBZ#2392306",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392306"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9784",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9784"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9784",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9784"
},
{
"category": "external",
"summary": "https://github.com/undertow-io/undertow/pull/1778",
"url": "https://github.com/undertow-io/undertow/pull/1778"
},
{
"category": "external",
"summary": "https://github.com/undertow-io/undertow/releases/tag/2.2.38.Final",
"url": "https://github.com/undertow-io/undertow/releases/tag/2.2.38.Final"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/UNDERTOW-2598",
"url": "https://issues.redhat.com/browse/UNDERTOW-2598"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/767506",
"url": "https://kb.cert.org/vuls/id/767506"
}
],
"release_date": "2025-09-01T06:21:54.614000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T13:54:46+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4924"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: Undertow MadeYouReset HTTP/2 DDoS Vulnerability"
},
{
"acknowledgments": [
{
"names": [
"Ahmet Artu\u00e7"
]
}
],
"cve": "CVE-2025-12543",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2025-10-31T06:15:35.424000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2408784"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has an Important severity because it can be remotely exploited without authentication. However, limited user interaction is required for full impact. It could allow attackers to hijack additional accounts, steal credentials, or gain access to internal systems. The issue stems from improper input validation of HTTP Host headers, leading to serious breaches in confidentiality and integrity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12543"
},
{
"category": "external",
"summary": "RHBZ#2408784",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408784"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12543",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12543"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12543",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12543"
}
],
"release_date": "2026-01-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T13:54:46+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4924"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use, applicability, or stability.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF"
},
{
"cve": "CVE-2025-48913",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2025-08-08T10:00:54.007824+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2387221"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in org.apache.cxf/cxf, where untrusted users can configure JMS to allow the specification of RMI or LDAP URLs, possibly leading to code execution. This vulnerability allows an attacker to provide malicious protocol URLs during JMS configuration.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw should be considered Important because the impact goes beyond a simple denial of service or configuration misuse. By allowing untrusted users to configure JMS with RMI or LDAP URLs, attackers could achieve remote code execution by loading attacker-controlled classes or objects. Although this requires the precondition that the attacker has access to JMS configuration, in many enterprise deployments this may be exposed through integration layers or misconfigured permissions, making the attack surface broader than a purely local or limited-scope scenario.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48913"
},
{
"category": "external",
"summary": "RHBZ#2387221",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387221"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48913"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48913",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48913"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/f1nv488ztc0js4g5ml2v88mzkzslyh83",
"url": "https://lists.apache.org/thread/f1nv488ztc0js4g5ml2v88mzkzslyh83"
}
],
"release_date": "2025-08-08T09:21:22.208000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T13:54:46+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4924"
},
{
"category": "workaround",
"details": "To reduce risk, deployments should restrict the allowed protocols in JMS configuration to trusted and expected values only. In particular, disallow the use of rmi:// and ldap:// URLs, which could be abused for remote class loading and code execution.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability"
},
{
"cve": "CVE-2025-52999",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2025-06-25T18:00:54.693716+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2374804"
}
],
"notes": [
{
"category": "description",
"text": "A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52999"
},
{
"category": "external",
"summary": "RHBZ#2374804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374804"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-core/pull/943",
"url": "https://github.com/FasterXML/jackson-core/pull/943"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3",
"url": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3"
}
],
"release_date": "2025-06-25T17:02:57.428000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T13:54:46+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4924"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, the recommendation is to avoid parsing input files from untrusted sources that may have excessively deep nested data structures; anything with a depth over 1000.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError"
},
{
"cve": "CVE-2025-55163",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-08-13T15:01:55.372237+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2388252"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a denial of service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation, which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55163"
},
{
"category": "external",
"summary": "RHBZ#2388252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388252"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55163",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55163"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-prj3-ccx8-p6x4",
"url": "https://github.com/netty/netty/security/advisories/GHSA-prj3-ccx8-p6x4"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/767506",
"url": "https://kb.cert.org/vuls/id/767506"
}
],
"release_date": "2025-08-13T14:17:36.111000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T13:54:46+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4924"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability"
},
{
"acknowledgments": [
{
"names": [
"Christiaan Swiers"
],
"organization": "YouGina"
},
{
"names": [
"Tommy Williams"
],
"organization": "HeroDevs"
}
],
"cve": "CVE-2026-0603",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2026-01-05T13:12:29.816000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427147"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder is used. This could lead to sensitive information disclosure, such as reading system files, and allow for data manipulation or deletion within the application\u0027s database, resulting in an application level denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.hibernate/hibernate-core: Hibernate: Information disclosure and data deletion via second-order SQL injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products as it allows a remote attacker with low privileges to perform second-order SQL injection in applications using Hibernate\u0027s InlineIdsOrClauseBuilder with unsanitized non-alphanumeric characters in the ID column. This could lead to sensitive information disclosure and data manipulation or deletion.Affected Hibernate ORM versions are 5.2.8 through 5.6.15 (inclusive); earlier versions are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 7.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-0603"
},
{
"category": "external",
"summary": "RHBZ#2427147",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427147"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-0603",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0603"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-0603",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0603"
}
],
"release_date": "2026-01-19T10:10:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T13:54:46+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4924"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 7.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 7.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "org.hibernate/hibernate-core: Hibernate: Information disclosure and data deletion via second-order SQL injection"
}
]
}
RHSA-2025:23482
Vulnerability from csaf_redhat - Published: 2025-12-17 13:07 - Updated: 2026-03-18 16:08Summary
Red Hat Security Advisory: Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.13 security update.
Notes
Topic
An update for Openshift Jenkins is now available for Red Hat OpenShift Developer Tools - OpenShift Jenkins 4.13.
Details
Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.13 security update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Openshift Jenkins is now available for Red Hat OpenShift Developer Tools - OpenShift Jenkins 4.13.",
"title": "Topic"
},
{
"category": "general",
"text": "Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.13 security update.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23482",
"url": "https://access.redhat.com/errata/RHSA-2025:23482"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-4949",
"url": "https://access.redhat.com/security/cve/CVE-2025-4949"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-67635",
"url": "https://access.redhat.com/security/cve/CVE-2025-67635"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23482.json"
}
],
"title": "Red Hat Security Advisory: Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.13 security update.",
"tracking": {
"current_release_date": "2026-03-18T16:08:35+00:00",
"generator": {
"date": "2026-03-18T16:08:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2025:23482",
"initial_release_date": "2025-12-17T13:07:54+00:00",
"revision_history": [
{
"date": "2025-12-17T13:07:54+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-17T13:08:01+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T16:08:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services 4.13",
"product": {
"name": "OpenShift Developer Tools and Services 4.13",
"product_id": "OpenShift Developer Tools and Services 4.13",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.13::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Developer Tools and Services"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-agent-base-rhel8@sha256%3A2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89?arch=amd64\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.13.0-1765820400"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:30b043d6c77a18e0f3ff2e30da493588d9c7b6cc91ff887100ef869853e264f3_amd64",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:30b043d6c77a18e0f3ff2e30da493588d9c7b6cc91ff887100ef869853e264f3_amd64",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:30b043d6c77a18e0f3ff2e30da493588d9c7b6cc91ff887100ef869853e264f3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-rhel8@sha256%3A30b043d6c77a18e0f3ff2e30da493588d9c7b6cc91ff887100ef869853e264f3?arch=amd64\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.13.0-1765819949"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-agent-base-rhel8@sha256%3Acc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f?arch=arm64\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.13.0-1765820400"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-agent-base-rhel8@sha256%3Ae3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4?arch=ppc64le\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.13.0-1765820400"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-agent-base-rhel8@sha256%3Ab0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6?arch=s390x\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.13.0-1765820400"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64 as a component of OpenShift Developer Tools and Services 4.13",
"product_id": "OpenShift Developer Tools and Services 4.13:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x as a component of OpenShift Developer Tools and Services 4.13",
"product_id": "OpenShift Developer Tools and Services 4.13:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64 as a component of OpenShift Developer Tools and Services 4.13",
"product_id": "OpenShift Developer Tools and Services 4.13:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le as a component of OpenShift Developer Tools and Services 4.13",
"product_id": "OpenShift Developer Tools and Services 4.13:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:30b043d6c77a18e0f3ff2e30da493588d9c7b6cc91ff887100ef869853e264f3_amd64 as a component of OpenShift Developer Tools and Services 4.13",
"product_id": "OpenShift Developer Tools and Services 4.13:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:30b043d6c77a18e0f3ff2e30da493588d9c7b6cc91ff887100ef869853e264f3_amd64"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:30b043d6c77a18e0f3ff2e30da493588d9c7b6cc91ff887100ef869853e264f3_amd64",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.13"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4949",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2025-05-21T07:00:48.762597+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift Developer Tools and Services 4.13:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64",
"OpenShift Developer Tools and Services 4.13:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x",
"OpenShift Developer Tools and Services 4.13:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64",
"OpenShift Developer Tools and Services 4.13:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2367730"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse JGit. This vulnerability can allow information disclosure, denial of service, and other security issues when parsing XML files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.eclipse.jgit: XXE vulnerability in Eclipse JGit",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. A flaw in Eclipse JGit allows for XML External Entity (XXE) attacks when parsing specially crafted XML files. This can lead to local denial of service in affected Red Hat products that utilize JGit\u0027s ManifestParser or AmazonS3 class for git transport. The current 9.8 rating by NVD assumes a default, server-side exploitation path. However, the vulnerability resides in the experimental AmazonS3 transport class within Eclipse JGit, which is not enabled by default and requires non-standard configuration (Attack Complexity: High). Furthermore, exploitation typically occurs via client-side tools (e.g., repo) requiring active user participation (User Interaction: Required), limiting the primary risk to local Denial of Service rather than remote, unauthenticated compromise (Availability: High).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift Developer Tools and Services 4.13:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:30b043d6c77a18e0f3ff2e30da493588d9c7b6cc91ff887100ef869853e264f3_amd64"
],
"known_not_affected": [
"OpenShift Developer Tools and Services 4.13:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64",
"OpenShift Developer Tools and Services 4.13:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x",
"OpenShift Developer Tools and Services 4.13:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64",
"OpenShift Developer Tools and Services 4.13:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4949"
},
{
"category": "external",
"summary": "RHBZ#2367730",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367730"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4949",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4949"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4949",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4949"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281",
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281"
},
{
"category": "external",
"summary": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1",
"url": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1"
}
],
"release_date": "2025-05-21T06:47:19.777000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T13:07:54+00:00",
"details": "It is recommended that existing users of Red Hat OpenShift Developer Tools - OpenShift Jenkins 4.13 upgrade to the latest. This update includes a newer OpenShift client (oc) version bundled in the image. If your Jenkins pipelines require a specific oc version, configure it explicitly using the Jenkins pipeline tools directive.",
"product_ids": [
"OpenShift Developer Tools and Services 4.13:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:30b043d6c77a18e0f3ff2e30da493588d9c7b6cc91ff887100ef869853e264f3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23482"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"OpenShift Developer Tools and Services 4.13:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64",
"OpenShift Developer Tools and Services 4.13:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x",
"OpenShift Developer Tools and Services 4.13:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64",
"OpenShift Developer Tools and Services 4.13:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le",
"OpenShift Developer Tools and Services 4.13:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:30b043d6c77a18e0f3ff2e30da493588d9c7b6cc91ff887100ef869853e264f3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.eclipse.jgit: XXE vulnerability in Eclipse JGit"
},
{
"cve": "CVE-2025-67635",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"discovery_date": "2025-12-10T17:01:24.450765+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift Developer Tools and Services 4.13:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64",
"OpenShift Developer Tools and Services 4.13:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x",
"OpenShift Developer Tools and Services 4.13:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64",
"OpenShift Developer Tools and Services 4.13:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2420998"
}
],
"notes": [
{
"category": "description",
"text": "Jenkins does not properly close HTTP-based CLI connections when the connection stream becomes corrupted, allowing unauthenticated attackers to cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.jenkins-ci.main/jenkins-core: Jenkins HTTP connection mis-handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift Developer Tools and Services 4.13:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:30b043d6c77a18e0f3ff2e30da493588d9c7b6cc91ff887100ef869853e264f3_amd64"
],
"known_not_affected": [
"OpenShift Developer Tools and Services 4.13:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64",
"OpenShift Developer Tools and Services 4.13:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x",
"OpenShift Developer Tools and Services 4.13:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64",
"OpenShift Developer Tools and Services 4.13:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-67635"
},
{
"category": "external",
"summary": "RHBZ#2420998",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420998"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-67635",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-67635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67635"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2025-12-10/#SECURITY-3630",
"url": "https://www.jenkins.io/security/advisory/2025-12-10/#SECURITY-3630"
}
],
"release_date": "2025-12-10T16:50:35.491000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T13:07:54+00:00",
"details": "It is recommended that existing users of Red Hat OpenShift Developer Tools - OpenShift Jenkins 4.13 upgrade to the latest. This update includes a newer OpenShift client (oc) version bundled in the image. If your Jenkins pipelines require a specific oc version, configure it explicitly using the Jenkins pipeline tools directive.",
"product_ids": [
"OpenShift Developer Tools and Services 4.13:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:30b043d6c77a18e0f3ff2e30da493588d9c7b6cc91ff887100ef869853e264f3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23482"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"OpenShift Developer Tools and Services 4.13:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64",
"OpenShift Developer Tools and Services 4.13:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x",
"OpenShift Developer Tools and Services 4.13:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64",
"OpenShift Developer Tools and Services 4.13:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le",
"OpenShift Developer Tools and Services 4.13:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:30b043d6c77a18e0f3ff2e30da493588d9c7b6cc91ff887100ef869853e264f3_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"OpenShift Developer Tools and Services 4.13:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64",
"OpenShift Developer Tools and Services 4.13:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x",
"OpenShift Developer Tools and Services 4.13:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64",
"OpenShift Developer Tools and Services 4.13:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le",
"OpenShift Developer Tools and Services 4.13:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:30b043d6c77a18e0f3ff2e30da493588d9c7b6cc91ff887100ef869853e264f3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.jenkins-ci.main/jenkins-core: Jenkins HTTP connection mis-handling"
}
]
}
RHSA-2025:18028
Vulnerability from csaf_redhat - Published: 2025-10-14 17:59 - Updated: 2026-03-18 16:08Summary
Red Hat Security Advisory: Red Hat Build of Apache Camel 4.10.7 for Spring Boot release.
Notes
Topic
Red Hat build of Apache Camel 4.10.7 for Spring Boot patch release and security update is now available.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
Red Hat build of Apache Camel 4.10.7 for Spring Boot patch release and security update is now available.
The purpose of this text-only errata is to inform you about the security issues
fixed.
Security Fix(es):
* spring-security-core: Spring Security authorization bypass (CVE-2025-41248)
* spring-core: Spring Framework Annotation Detection Vulnerability (CVE-2025-41249)
* spring-core-test: Spring Framework Annotation Detection Vulnerability (CVE-2025-41249)
* org.springframework/spring-core: Spring Framework Annotation Detection Vulnerability (CVE-2025-41249)
* org.eclipse.jgit: XXE vulnerability in Eclipse JGit (CVE-2025-4949)
* netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions (CVE-2025-58056)
* netty-codec-http2: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions (CVE-2025-58056)
* minio: minio-java Client XML Tag is Vulnerable to Value Substitution (CVE-2025-59952)
* io.minio/minio: minio-java Client XML Tag is Vulnerable to Value Substitution (CVE-2025-59952)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat build of Apache Camel 4.10.7 for Spring Boot patch release and security update is now available.\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives\na detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat build of Apache Camel 4.10.7 for Spring Boot patch release and security update is now available.\n\nThe purpose of this text-only errata is to inform you about the security issues\nfixed.\n\nSecurity Fix(es):\n \n* spring-security-core: Spring Security authorization bypass (CVE-2025-41248)\n\n* spring-core: Spring Framework Annotation Detection Vulnerability (CVE-2025-41249)\n\n* spring-core-test: Spring Framework Annotation Detection Vulnerability (CVE-2025-41249)\n\n* org.springframework/spring-core: Spring Framework Annotation Detection Vulnerability (CVE-2025-41249)\n\n* org.eclipse.jgit: XXE vulnerability in Eclipse JGit (CVE-2025-4949)\n\n* netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions (CVE-2025-58056)\n\n* netty-codec-http2: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions (CVE-2025-58056)\n\n* minio: minio-java Client XML Tag is Vulnerable to Value Substitution (CVE-2025-59952)\n\n* io.minio/minio: minio-java Client XML Tag is Vulnerable to Value Substitution (CVE-2025-59952)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:18028",
"url": "https://access.redhat.com/errata/RHSA-2025:18028"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2367730",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367730"
},
{
"category": "external",
"summary": "2392996",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392996"
},
{
"category": "external",
"summary": "2395723",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395723"
},
{
"category": "external",
"summary": "2395725",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395725"
},
{
"category": "external",
"summary": "2400380",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2400380"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_18028.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Build of Apache Camel 4.10.7 for Spring Boot release.",
"tracking": {
"current_release_date": "2026-03-18T16:08:31+00:00",
"generator": {
"date": "2026-03-18T16:08:31+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2025:18028",
"initial_release_date": "2025-10-14T17:59:03+00:00",
"revision_history": [
{
"date": "2025-10-14T17:59:03+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-10-14T17:59:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T16:08:31+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10",
"product": {
"name": "Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10",
"product_id": "Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:apache_camel_spring_boot:4.10"
}
}
}
],
"category": "product_family",
"name": "Red Hat Build of Apache Camel"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4949",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2025-05-21T07:00:48.762597+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2367730"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse JGit. This vulnerability can allow information disclosure, denial of service, and other security issues when parsing XML files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.eclipse.jgit: XXE vulnerability in Eclipse JGit",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. A flaw in Eclipse JGit allows for XML External Entity (XXE) attacks when parsing specially crafted XML files. This can lead to local denial of service in affected Red Hat products that utilize JGit\u0027s ManifestParser or AmazonS3 class for git transport. The current 9.8 rating by NVD assumes a default, server-side exploitation path. However, the vulnerability resides in the experimental AmazonS3 transport class within Eclipse JGit, which is not enabled by default and requires non-standard configuration (Attack Complexity: High). Furthermore, exploitation typically occurs via client-side tools (e.g., repo) requiring active user participation (User Interaction: Required), limiting the primary risk to local Denial of Service rather than remote, unauthenticated compromise (Availability: High).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4949"
},
{
"category": "external",
"summary": "RHBZ#2367730",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367730"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4949",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4949"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4949",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4949"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281",
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281"
},
{
"category": "external",
"summary": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1",
"url": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1"
}
],
"release_date": "2025-05-21T06:47:19.777000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-14T17:59:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:18028"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.eclipse.jgit: XXE vulnerability in Eclipse JGit"
},
{
"cve": "CVE-2025-41248",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"discovery_date": "2025-09-16T11:00:42.699993+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395723"
}
],
"notes": [
{
"category": "description",
"text": "The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue when using @PreAuthorize and other method security annotations, resulting in an authorization bypass.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.springframework.security/spring-security-core: Spring Security authorization bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-41248"
},
{
"category": "external",
"summary": "RHBZ#2395723",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395723"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-41248",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41248"
},
{
"category": "external",
"summary": "https://github.com/spring-projects/spring-security/issues/17898",
"url": "https://github.com/spring-projects/spring-security/issues/17898"
},
{
"category": "external",
"summary": "https://spring.io/security/cve-2025-41248",
"url": "https://spring.io/security/cve-2025-41248"
}
],
"release_date": "2025-09-16T10:10:59.953000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-14T17:59:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:18028"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "org.springframework.security/spring-security-core: Spring Security authorization bypass"
},
{
"cve": "CVE-2025-41249",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2025-09-16T11:00:49.967990+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395725"
}
],
"notes": [
{
"category": "description",
"text": "The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.springframework/spring-core: Spring Framework Annotation Detection Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-41249"
},
{
"category": "external",
"summary": "RHBZ#2395725",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395725"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-41249",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41249"
},
{
"category": "external",
"summary": "https://github.com/spring-projects/spring-framework/issues/35342",
"url": "https://github.com/spring-projects/spring-framework/issues/35342"
},
{
"category": "external",
"summary": "https://spring.io/security/cve-2025-41249",
"url": "https://spring.io/security/cve-2025-41249"
}
],
"release_date": "2025-09-16T10:15:34.118000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-14T17:59:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:18028"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "org.springframework/spring-core: Spring Framework Annotation Detection Vulnerability"
},
{
"cve": "CVE-2025-58056",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2025-09-03T21:01:22.935850+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392996"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in Netty\u2019s HTTP/1.1 chunked encoding parser allows newline (LF) characters in chunk extensions to be incorrectly treated as the end of the chunk-size line instead of requiring the proper CRLF sequence. This discrepancy can be exploited in rare cases where a reverse proxy interprets the same input differently, potentially enabling HTTP request smuggling attacks such as bypassing access controls or corrupting responses.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is considered Moderate rather than Important because successful exploitation depends on a very specific deployment condition: the presence of an intermediary reverse proxy that both mishandles lone LF characters in chunk extensions and forwards them unmodified to Netty. By itself, Netty\u2019s parsing quirk does not introduce risk, and in most real-world environments, reverse proxies normalize or reject malformed chunked requests, preventing smuggling. As a result, the vulnerability has limited reach, requires a niche configuration to be exploitable, and does not universally expose Netty-based servers to request smuggling\u2014hence it is rated moderate in severity rather than important or critical.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58056"
},
{
"category": "external",
"summary": "RHBZ#2392996",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392996"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58056",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58056"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc9112#name-chunked-transfer-coding",
"url": "https://datatracker.ietf.org/doc/html/rfc9112#name-chunked-transfer-coding"
},
{
"category": "external",
"summary": "https://github.com/JLLeitschuh/unCVEed/issues/1",
"url": "https://github.com/JLLeitschuh/unCVEed/issues/1"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/commit/edb55fd8e0a3bcbd85881e423464f585183d1284",
"url": "https://github.com/netty/netty/commit/edb55fd8e0a3bcbd85881e423464f585183d1284"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/issues/15522",
"url": "https://github.com/netty/netty/issues/15522"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/pull/15611",
"url": "https://github.com/netty/netty/pull/15611"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49",
"url": "https://github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49"
},
{
"category": "external",
"summary": "https://w4ke.info/2025/06/18/funky-chunks.html",
"url": "https://w4ke.info/2025/06/18/funky-chunks.html"
}
],
"release_date": "2025-09-03T20:56:50.732000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-14T17:59:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:18028"
},
{
"category": "workaround",
"details": "To mitigate this issue, enforce strict RFC compliance on all front-end proxies and load balancers so that lone LF characters in chunk extensions are rejected or normalized before being forwarded. Additionally, configure input validation at the application or proxy layer to block malformed chunked requests, ensuring consistent parsing across all components in the request path.",
"product_ids": [
"Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions"
},
{
"cve": "CVE-2025-59952",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2025-09-30T00:01:08.819825+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2400380"
}
],
"notes": [
{
"category": "description",
"text": "In minio-java versions prior to 8.6.0, XML tag values containing references to system properties or environment variables were automatically substituted with their actual values during processing. This unintended behavior could lead to the exposure of sensitive information, including credentials, file paths, or system configuration details, if such references were present in XML content from untrusted sources. Attackers could craft malicious XML inputs to extract sensitive data from the system\u0027s properties or environment variables, potentially compromising security in applications relying on minio-java for object storage operations.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "io.minio/minio: minio-java Client XML Tag is Vulnerable to Value Substitution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59952"
},
{
"category": "external",
"summary": "RHBZ#2400380",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2400380"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59952",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59952"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59952",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59952"
},
{
"category": "external",
"summary": "https://github.com/minio/minio-java/releases/tag/8.6.0",
"url": "https://github.com/minio/minio-java/releases/tag/8.6.0"
},
{
"category": "external",
"summary": "https://github.com/minio/minio-java/security/advisories/GHSA-h7rh-xfpj-hpcm",
"url": "https://github.com/minio/minio-java/security/advisories/GHSA-h7rh-xfpj-hpcm"
}
],
"release_date": "2025-09-29T23:32:33.994000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-14T17:59:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:18028"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "io.minio/minio: minio-java Client XML Tag is Vulnerable to Value Substitution"
}
]
}
RHSA-2026:4916
Vulnerability from csaf_redhat - Published: 2026-03-18 13:17 - Updated: 2026-03-18 16:08Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.24 security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.24 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.23, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.24 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* jackson-core: jackson-core Potential StackoverflowError (CVE-2025-52999)
* undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF [eap-7.4.z] (CVE-2025-12543)
* cxf: CXF JMS Code Execution Vulnerability [eap-7.4.z] (CVE-2025-48913)
* netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability (CVE-2025-55163)
* org.eclipse.jgit: XXE vulnerability in Eclipse JGit [eap-7.4.z] (CVE-2025-4949)
* hibernate-core: Hibernate: Information disclosure and data deletion via second-order SQL injection [eap-7.4.z] (CVE-2026-0603)
* com.google.protobuf/protobuf-java: StackOverflow vulnerability in Protocol Buffers (CVE-2024-7254)
* undertow: OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded [eap-7.4.z] (CVE-2024-3884)
* undertow-core: Undertow MadeYouReset HTTP/2 DDoS Vulnerability (CVE-2025-9784)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.24 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.23, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.24 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jackson-core: jackson-core Potential StackoverflowError (CVE-2025-52999)\n\n* undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF [eap-7.4.z] (CVE-2025-12543)\n\n* cxf: CXF JMS Code Execution Vulnerability [eap-7.4.z] (CVE-2025-48913)\n\n* netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability (CVE-2025-55163)\n\n* org.eclipse.jgit: XXE vulnerability in Eclipse JGit [eap-7.4.z] (CVE-2025-4949)\n\n* hibernate-core: Hibernate: Information disclosure and data deletion via second-order SQL injection [eap-7.4.z] (CVE-2026-0603)\n\n* com.google.protobuf/protobuf-java: StackOverflow vulnerability in Protocol Buffers (CVE-2024-7254)\n\n* undertow: OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded [eap-7.4.z] (CVE-2024-3884)\n\n* undertow-core: Undertow MadeYouReset HTTP/2 DDoS Vulnerability (CVE-2025-9784)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:4916",
"url": "https://access.redhat.com/errata/RHSA-2026:4916"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index"
},
{
"category": "external",
"summary": "2275287",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275287"
},
{
"category": "external",
"summary": "2313454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313454"
},
{
"category": "external",
"summary": "2367730",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367730"
},
{
"category": "external",
"summary": "2374804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374804"
},
{
"category": "external",
"summary": "2387221",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387221"
},
{
"category": "external",
"summary": "2388252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388252"
},
{
"category": "external",
"summary": "2392306",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392306"
},
{
"category": "external",
"summary": "2408784",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408784"
},
{
"category": "external",
"summary": "2427147",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427147"
},
{
"category": "external",
"summary": "JBEAP-30075",
"url": "https://issues.redhat.com/browse/JBEAP-30075"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_4916.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.24 security update",
"tracking": {
"current_release_date": "2026-03-18T16:08:42+00:00",
"generator": {
"date": "2026-03-18T16:08:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2026:4916",
"initial_release_date": "2026-03-18T13:17:47+00:00",
"revision_history": [
{
"date": "2026-03-18T13:17:47+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-18T13:17:47+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T16:08:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product": {
"name": "Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.src",
"product_id": "eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.27-1.Final_redhat_00002.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.17-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.src",
"product_id": "eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-4.SP2_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.src",
"product_id": "eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.14-10.SP10_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.27-2.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.src",
"product_id": "eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.5.11-1.SP1_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.24-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-elytron-web@1.9.6-2.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.src",
"product_id": "eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-commons-beanutils@1.11.0-2.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.38-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.124-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.39-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.16-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.src",
"product_id": "eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-43.Final_redhat_00043.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy@3.15.11-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.src",
"product_id": "eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.5.202508271544-2.r_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.src",
"product": {
"name": "eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.src",
"product_id": "eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.24-4.GA_redhat_00002.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.124-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.27-1.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.27-1.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.17-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-4.SP2_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.23-4.SP2_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.14-10.SP10_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.27-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.5.11-1.SP1_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.5.11-1.SP1_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.5.11-1.SP1_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.5.11-1.SP1_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.24-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.5.24-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.5.24-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.5.24-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.5.24-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.5.24-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.5.24-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.5.24-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.5.24-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-server@1.9.6-2.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.noarch",
"product_id": "eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-commons-beanutils@1.11.0-2.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.38-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.38-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.38-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.38-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.38-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.124-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-all@4.1.124-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-buffer@4.1.124-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec@4.1.124-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec-dns@4.1.124-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec-haproxy@4.1.124-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec-http@4.1.124-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec-http2@4.1.124-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec-memcache@4.1.124-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec-mqtt@4.1.124-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec-redis@4.1.124-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec-smtp@4.1.124-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec-socks@4.1.124-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec-stomp@4.1.124-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec-xml@4.1.124-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-common@4.1.124-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-handler@4.1.124-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-handler-proxy@4.1.124-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-resolver@4.1.124-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-resolver-dns@4.1.124-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-resolver-dns-classes-macos@4.1.124-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-transport@4.1.124-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-transport-classes-epoll@4.1.124-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-transport-classes-kqueue@4.1.124-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-transport-native-unix-common@4.1.124-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-transport-sctp@4.1.124-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.39-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.16-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-marshalling-river@2.0.16-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-43.Final_redhat_00043.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-43.Final_redhat_00043.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-43.Final_redhat_00043.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy@3.15.11-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-atom-provider@3.15.11-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-cdi@3.15.11-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-client@3.15.11-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-crypto@3.15.11-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jackson-provider@3.15.11-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jackson2-provider@3.15.11-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jaxb-provider@3.15.11-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jaxrs@3.15.11-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jettison-provider@3.15.11-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jose-jwt@3.15.11-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jsapi@3.15.11-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-json-binding-provider@3.15.11-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-json-p-provider@3.15.11-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-multipart-provider@3.15.11-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-rxjava2@3.15.11-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-spring@3.15.11-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-validator-provider-11@3.15.11-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-yaml-provider@3.15.11-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.5.202508271544-2.r_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.24-4.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.24-4.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk17@7.4.24-4.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.24-4.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.24-4.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.24-4.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"product": {
"name": "eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"product_id": "eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.124-1.Final_redhat_00001.1.el8eap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"product": {
"name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"product_id": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll-debuginfo@4.1.124-1.Final_redhat_00001.1.el8eap?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64"
},
"product_reference": "eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64"
},
"product_reference": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.src"
},
"product_reference": "eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 8",
"product_id": "8Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.4-ELS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-3884",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-04-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2275287"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows unauthorized users to cause a remote denial of service (DoS) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this as a Moderate impact since this requires the use of a specific form method by the server that must be externally available and the input is not sanitized by the given servlet or class implementing its use.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch"
],
"known_not_affected": [
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-3884"
},
{
"category": "external",
"summary": "RHBZ#2275287",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275287"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-3884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3884"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-3884",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3884"
}
],
"release_date": "2025-12-03T16:50:50+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T13:17:47+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4916"
},
{
"category": "workaround",
"details": "It is possible to mitigate the vulnerability by performing an upper-level verification to ensure the content size sent server side is within the allowed parameters.",
"product_ids": [
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded"
},
{
"cve": "CVE-2024-7254",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-09-19T01:20:29.981665+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2313454"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Protocol Buffers (protobuf). This issue can allows an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "protobuf: StackOverflow vulnerability in Protocol Buffers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue represents a significant severity risk because unbounded recursion in Protocol Buffers parsing can be exploited to trigger stack overflows, leading to Denial of Service (DoS). When parsers, such as `DiscardUnknownFieldsParser` or the Java Protobuf Lite parser, encounter arbitrarily nested groups or deeply recursive map fields, the lack of recursion depth limits can result in uncontrolled stack growth. Attackers can craft malicious protobuf messages that deliberately exceed the stack\u0027s capacity, causing the application to crash or become unresponsive.\n\nThe protobuf package as shipped in RHEL does not include the affected java or kotlin bindings, therefore RHEL is Not Affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch"
],
"known_not_affected": [
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-7254"
},
{
"category": "external",
"summary": "RHBZ#2313454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313454"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-7254",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7254"
},
{
"category": "external",
"summary": "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa",
"url": "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa"
}
],
"release_date": "2024-09-19T01:15:10.963000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T13:17:47+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4916"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "protobuf: StackOverflow vulnerability in Protocol Buffers"
},
{
"cve": "CVE-2025-4949",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2025-05-21T07:00:48.762597+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2367730"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse JGit. This vulnerability can allow information disclosure, denial of service, and other security issues when parsing XML files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.eclipse.jgit: XXE vulnerability in Eclipse JGit",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. A flaw in Eclipse JGit allows for XML External Entity (XXE) attacks when parsing specially crafted XML files. This can lead to local denial of service in affected Red Hat products that utilize JGit\u0027s ManifestParser or AmazonS3 class for git transport. The current 9.8 rating by NVD assumes a default, server-side exploitation path. However, the vulnerability resides in the experimental AmazonS3 transport class within Eclipse JGit, which is not enabled by default and requires non-standard configuration (Attack Complexity: High). Furthermore, exploitation typically occurs via client-side tools (e.g., repo) requiring active user participation (User Interaction: Required), limiting the primary risk to local Denial of Service rather than remote, unauthenticated compromise (Availability: High).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch"
],
"known_not_affected": [
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4949"
},
{
"category": "external",
"summary": "RHBZ#2367730",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367730"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4949",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4949"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4949",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4949"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281",
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281"
},
{
"category": "external",
"summary": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1",
"url": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1"
}
],
"release_date": "2025-05-21T06:47:19.777000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T13:17:47+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4916"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.eclipse.jgit: XXE vulnerability in Eclipse JGit"
},
{
"cve": "CVE-2025-9784",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-01T06:19:20.938000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392306"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Undertow MadeYouReset HTTP/2 DDoS Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a Denial of Service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation, which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch"
],
"known_not_affected": [
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9784"
},
{
"category": "external",
"summary": "RHBZ#2392306",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392306"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9784",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9784"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9784",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9784"
},
{
"category": "external",
"summary": "https://github.com/undertow-io/undertow/pull/1778",
"url": "https://github.com/undertow-io/undertow/pull/1778"
},
{
"category": "external",
"summary": "https://github.com/undertow-io/undertow/releases/tag/2.2.38.Final",
"url": "https://github.com/undertow-io/undertow/releases/tag/2.2.38.Final"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/UNDERTOW-2598",
"url": "https://issues.redhat.com/browse/UNDERTOW-2598"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/767506",
"url": "https://kb.cert.org/vuls/id/767506"
}
],
"release_date": "2025-09-01T06:21:54.614000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T13:17:47+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4916"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: Undertow MadeYouReset HTTP/2 DDoS Vulnerability"
},
{
"acknowledgments": [
{
"names": [
"Ahmet Artu\u00e7"
]
}
],
"cve": "CVE-2025-12543",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2025-10-31T06:15:35.424000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2408784"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has an Important severity because it can be remotely exploited without authentication. However, limited user interaction is required for full impact. It could allow attackers to hijack additional accounts, steal credentials, or gain access to internal systems. The issue stems from improper input validation of HTTP Host headers, leading to serious breaches in confidentiality and integrity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch"
],
"known_not_affected": [
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12543"
},
{
"category": "external",
"summary": "RHBZ#2408784",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408784"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12543",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12543"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12543",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12543"
}
],
"release_date": "2026-01-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T13:17:47+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4916"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use, applicability, or stability.",
"product_ids": [
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF"
},
{
"cve": "CVE-2025-48913",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2025-08-08T10:00:54.007824+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2387221"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in org.apache.cxf/cxf, where untrusted users can configure JMS to allow the specification of RMI or LDAP URLs, possibly leading to code execution. This vulnerability allows an attacker to provide malicious protocol URLs during JMS configuration.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw should be considered Important because the impact goes beyond a simple denial of service or configuration misuse. By allowing untrusted users to configure JMS with RMI or LDAP URLs, attackers could achieve remote code execution by loading attacker-controlled classes or objects. Although this requires the precondition that the attacker has access to JMS configuration, in many enterprise deployments this may be exposed through integration layers or misconfigured permissions, making the attack surface broader than a purely local or limited-scope scenario.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch"
],
"known_not_affected": [
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48913"
},
{
"category": "external",
"summary": "RHBZ#2387221",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387221"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48913"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48913",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48913"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/f1nv488ztc0js4g5ml2v88mzkzslyh83",
"url": "https://lists.apache.org/thread/f1nv488ztc0js4g5ml2v88mzkzslyh83"
}
],
"release_date": "2025-08-08T09:21:22.208000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T13:17:47+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4916"
},
{
"category": "workaround",
"details": "To reduce risk, deployments should restrict the allowed protocols in JMS configuration to trusted and expected values only. In particular, disallow the use of rmi:// and ldap:// URLs, which could be abused for remote class loading and code execution.",
"product_ids": [
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability"
},
{
"cve": "CVE-2025-52999",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2025-06-25T18:00:54.693716+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2374804"
}
],
"notes": [
{
"category": "description",
"text": "A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch"
],
"known_not_affected": [
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52999"
},
{
"category": "external",
"summary": "RHBZ#2374804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374804"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-core/pull/943",
"url": "https://github.com/FasterXML/jackson-core/pull/943"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3",
"url": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3"
}
],
"release_date": "2025-06-25T17:02:57.428000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T13:17:47+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4916"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, the recommendation is to avoid parsing input files from untrusted sources that may have excessively deep nested data structures; anything with a depth over 1000.",
"product_ids": [
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError"
},
{
"cve": "CVE-2025-55163",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-08-13T15:01:55.372237+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2388252"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a denial of service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation, which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch"
],
"known_not_affected": [
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55163"
},
{
"category": "external",
"summary": "RHBZ#2388252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388252"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55163",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55163"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-prj3-ccx8-p6x4",
"url": "https://github.com/netty/netty/security/advisories/GHSA-prj3-ccx8-p6x4"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/767506",
"url": "https://kb.cert.org/vuls/id/767506"
}
],
"release_date": "2025-08-13T14:17:36.111000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T13:17:47+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4916"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability"
},
{
"acknowledgments": [
{
"names": [
"Christiaan Swiers"
],
"organization": "YouGina"
},
{
"names": [
"Tommy Williams"
],
"organization": "HeroDevs"
}
],
"cve": "CVE-2026-0603",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2026-01-05T13:12:29.816000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427147"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder is used. This could lead to sensitive information disclosure, such as reading system files, and allow for data manipulation or deletion within the application\u0027s database, resulting in an application level denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.hibernate/hibernate-core: Hibernate: Information disclosure and data deletion via second-order SQL injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products as it allows a remote attacker with low privileges to perform second-order SQL injection in applications using Hibernate\u0027s InlineIdsOrClauseBuilder with unsanitized non-alphanumeric characters in the ID column. This could lead to sensitive information disclosure and data manipulation or deletion.Affected Hibernate ORM versions are 5.2.8 through 5.6.15 (inclusive); earlier versions are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch"
],
"known_not_affected": [
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-0603"
},
{
"category": "external",
"summary": "RHBZ#2427147",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427147"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-0603",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0603"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-0603",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0603"
}
],
"release_date": "2026-01-19T10:10:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T13:17:47+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4916"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "org.hibernate/hibernate-core: Hibernate: Information disclosure and data deletion via second-order SQL injection"
}
]
}
RHSA-2025:22188
Vulnerability from csaf_redhat - Published: 2025-11-26 16:59 - Updated: 2026-03-18 16:08Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.1.2 Security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 8.1 for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.1.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.1.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 8.1.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* org.eclipse.jgit: XXE vulnerability in Eclipse JGit [eap-8.1.z] (CVE-2025-4949)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 8.1 for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.1.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.1.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 8.1.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* org.eclipse.jgit: XXE vulnerability in Eclipse JGit [eap-8.1.z] (CVE-2025-4949)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:22188",
"url": "https://access.redhat.com/errata/RHSA-2025:22188"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.1",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.1"
},
{
"category": "external",
"summary": "https://access.redhat.com/articles/7133099",
"url": "https://access.redhat.com/articles/7133099"
},
{
"category": "external",
"summary": "2367730",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367730"
},
{
"category": "external",
"summary": "JBEAP-30670",
"url": "https://issues.redhat.com/browse/JBEAP-30670"
},
{
"category": "external",
"summary": "JBEAP-30737",
"url": "https://issues.redhat.com/browse/JBEAP-30737"
},
{
"category": "external",
"summary": "JBEAP-30753",
"url": "https://issues.redhat.com/browse/JBEAP-30753"
},
{
"category": "external",
"summary": "JBEAP-30856",
"url": "https://issues.redhat.com/browse/JBEAP-30856"
},
{
"category": "external",
"summary": "JBEAP-30951",
"url": "https://issues.redhat.com/browse/JBEAP-30951"
},
{
"category": "external",
"summary": "JBEAP-31005",
"url": "https://issues.redhat.com/browse/JBEAP-31005"
},
{
"category": "external",
"summary": "JBEAP-31020",
"url": "https://issues.redhat.com/browse/JBEAP-31020"
},
{
"category": "external",
"summary": "JBEAP-31032",
"url": "https://issues.redhat.com/browse/JBEAP-31032"
},
{
"category": "external",
"summary": "JBEAP-31042",
"url": "https://issues.redhat.com/browse/JBEAP-31042"
},
{
"category": "external",
"summary": "JBEAP-31043",
"url": "https://issues.redhat.com/browse/JBEAP-31043"
},
{
"category": "external",
"summary": "JBEAP-31044",
"url": "https://issues.redhat.com/browse/JBEAP-31044"
},
{
"category": "external",
"summary": "JBEAP-31047",
"url": "https://issues.redhat.com/browse/JBEAP-31047"
},
{
"category": "external",
"summary": "JBEAP-31048",
"url": "https://issues.redhat.com/browse/JBEAP-31048"
},
{
"category": "external",
"summary": "JBEAP-31054",
"url": "https://issues.redhat.com/browse/JBEAP-31054"
},
{
"category": "external",
"summary": "JBEAP-31059",
"url": "https://issues.redhat.com/browse/JBEAP-31059"
},
{
"category": "external",
"summary": "JBEAP-31095",
"url": "https://issues.redhat.com/browse/JBEAP-31095"
},
{
"category": "external",
"summary": "JBEAP-31105",
"url": "https://issues.redhat.com/browse/JBEAP-31105"
},
{
"category": "external",
"summary": "JBEAP-31106",
"url": "https://issues.redhat.com/browse/JBEAP-31106"
},
{
"category": "external",
"summary": "JBEAP-31113",
"url": "https://issues.redhat.com/browse/JBEAP-31113"
},
{
"category": "external",
"summary": "JBEAP-31125",
"url": "https://issues.redhat.com/browse/JBEAP-31125"
},
{
"category": "external",
"summary": "JBEAP-31274",
"url": "https://issues.redhat.com/browse/JBEAP-31274"
},
{
"category": "external",
"summary": "JBEAP-31291",
"url": "https://issues.redhat.com/browse/JBEAP-31291"
},
{
"category": "external",
"summary": "JBEAP-31315",
"url": "https://issues.redhat.com/browse/JBEAP-31315"
},
{
"category": "external",
"summary": "JBEAP-31323",
"url": "https://issues.redhat.com/browse/JBEAP-31323"
},
{
"category": "external",
"summary": "JBEAP-31338",
"url": "https://issues.redhat.com/browse/JBEAP-31338"
},
{
"category": "external",
"summary": "JBEAP-31340",
"url": "https://issues.redhat.com/browse/JBEAP-31340"
},
{
"category": "external",
"summary": "JBEAP-31346",
"url": "https://issues.redhat.com/browse/JBEAP-31346"
},
{
"category": "external",
"summary": "JBEAP-31354",
"url": "https://issues.redhat.com/browse/JBEAP-31354"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_22188.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.1.2 Security update",
"tracking": {
"current_release_date": "2026-03-18T16:08:31+00:00",
"generator": {
"date": "2026-03-18T16:08:31+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2025:22188",
"initial_release_date": "2025-11-26T16:59:23+00:00",
"revision_history": [
{
"date": "2025-11-26T16:59:23+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-26T16:59:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T16:08:31+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 8.1 for RHEL 9",
"product": {
"name": "Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap8-snakeyaml-0:2.3.0-1.redhat_00002.1.el9eap.src",
"product": {
"name": "eap8-snakeyaml-0:2.3.0-1.redhat_00002.1.el9eap.src",
"product_id": "eap8-snakeyaml-0:2.3.0-1.redhat_00002.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-snakeyaml@2.3.0-1.redhat_00002.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-search-0:7.2.4-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-hibernate-search-0:7.2.4-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap8-hibernate-search-0:7.2.4-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate-search@7.2.4-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el9eap.src",
"product": {
"name": "eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el9eap.src",
"product_id": "eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-xml-bind-api@4.0.2-2.redhat_00003.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el9eap.src",
"product": {
"name": "eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el9eap.src",
"product_id": "eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-stax2-api@4.2.2-2.redhat_00003.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-0:6.6.31-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-hibernate-0:6.6.31-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap8-hibernate-0:6.6.31-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate@6.6.31-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jctools-0:4.0.5-3.redhat_00002.1.el9eap.src",
"product": {
"name": "eap8-jctools-0:4.0.5-3.redhat_00002.1.el9eap.src",
"product_id": "eap8-jctools-0:4.0.5-3.redhat_00002.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jctools@4.0.5-3.redhat_00002.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el9eap.src",
"product": {
"name": "eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el9eap.src",
"product_id": "eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-stax-ex@2.1.0-3.redhat_00003.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-parsson-0:1.1.7-3.redhat_00003.1.el9eap.src",
"product": {
"name": "eap8-parsson-0:1.1.7-3.redhat_00003.1.el9eap.src",
"product_id": "eap8-parsson-0:1.1.7-3.redhat_00003.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-parsson@1.1.7-3.redhat_00003.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-infinispan-0:15.0.21-1.Final_redhat_00002.1.el9eap.src",
"product": {
"name": "eap8-infinispan-0:15.0.21-1.Final_redhat_00002.1.el9eap.src",
"product_id": "eap8-infinispan-0:15.0.21-1.Final_redhat_00002.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-infinispan@15.0.21-1.Final_redhat_00002.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el9eap.src",
"product": {
"name": "eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el9eap.src",
"product_id": "eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-httpcomponents-core@4.4.16-6.redhat_00011.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el9eap.src",
"product": {
"name": "eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el9eap.src",
"product_id": "eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-angus-activation@2.0.2-2.redhat_00002.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-hal-console-0:3.7.16-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-hal-console-0:3.7.16-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap8-hal-console-0:3.7.16-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hal-console@3.7.16-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-javadocs-0:8.1.1-2.GA_redhat_00006.1.el9eap.src",
"product": {
"name": "eap8-wildfly-javadocs-0:8.1.1-2.GA_redhat_00006.1.el9eap.src",
"product_id": "eap8-wildfly-javadocs-0:8.1.1-2.GA_redhat_00006.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-javadocs@8.1.1-2.GA_redhat_00006.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jgroups-1:5.3.21-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-jgroups-1:5.3.21-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap8-jgroups-1:5.3.21-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jgroups@5.3.21-1.Final_redhat_00001.1.el9eap?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el9eap.src",
"product": {
"name": "eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el9eap.src",
"product_id": "eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-eclipse-jgit@6.10.1.202505221210-1.r_redhat_00002.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-clustering-0:5.0.11-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-wildfly-clustering-0:5.0.11-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap8-wildfly-clustering-0:5.0.11-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-clustering@5.0.11-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jbossws-cxf@7.3.6-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-http-client-0:2.1.3-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-wildfly-http-client-0:2.1.3-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap8-wildfly-http-client-0:2.1.3-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-http-client@2.1.3-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-eap-product-conf-parent-0:801.2.0-1.GA_redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-eap-product-conf-parent-0:801.2.0-1.GA_redhat_00001.1.el9eap.src",
"product_id": "eap8-eap-product-conf-parent-0:801.2.0-1.GA_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-eap-product-conf-parent@801.2.0-1.GA_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el9eap.src",
"product": {
"name": "eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el9eap.src",
"product_id": "eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-servlet-api@6.0.0-6.redhat_00007.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-commons-lang-0:3.18.0-2.redhat_00003.1.el9eap.src",
"product": {
"name": "eap8-apache-commons-lang-0:3.18.0-2.redhat_00003.1.el9eap.src",
"product_id": "eap8-apache-commons-lang-0:3.18.0-2.redhat_00003.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-commons-lang@3.18.0-2.redhat_00003.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-antlr4-0:4.13.2-1.redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-antlr4-0:4.13.2-1.redhat_00001.1.el9eap.src",
"product_id": "eap8-antlr4-0:4.13.2-1.redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-antlr4@4.13.2-1.redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el9eap.src",
"product": {
"name": "eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el9eap.src",
"product_id": "eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-commons-io@2.16.1-2.redhat_00002.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-yasson-0:3.0.4-2.redhat_00004.1.el9eap.src",
"product": {
"name": "eap8-yasson-0:3.0.4-2.redhat_00004.1.el9eap.src",
"product_id": "eap8-yasson-0:3.0.4-2.redhat_00004.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-yasson@3.0.4-2.redhat_00004.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el9eap.src",
"product": {
"name": "eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el9eap.src",
"product_id": "eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-interceptor-api@2.1.0-5.redhat_00003.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-0:8.1.2-1.GA_redhat_00004.1.el9eap.src",
"product": {
"name": "eap8-wildfly-0:8.1.2-1.GA_redhat_00004.1.el9eap.src",
"product_id": "eap8-wildfly-0:8.1.2-1.GA_redhat_00004.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly@8.1.2-1.GA_redhat_00004.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-0:2.40.0-3.redhat_00008.1.el9eap.src",
"product": {
"name": "eap8-activemq-artemis-0:2.40.0-3.redhat_00008.1.el9eap.src",
"product_id": "eap8-activemq-artemis-0:2.40.0-3.redhat_00008.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis@2.40.0-3.redhat_00008.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el9eap.src",
"product": {
"name": "eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el9eap.src",
"product_id": "eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-activation@2.1.3-2.redhat_00002.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el9eap.src",
"product": {
"name": "eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el9eap.src",
"product_id": "eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-annotation-api@2.1.1-5.redhat_00005.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el9eap.src",
"product": {
"name": "eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el9eap.src",
"product_id": "eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-saaj-impl@3.0.4-2.redhat_00002.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el9eap.src",
"product": {
"name": "eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el9eap.src",
"product_id": "eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-reactivex-rxjava2@2.2.21-4.redhat_00003.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el9eap.src",
"product": {
"name": "eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el9eap.src",
"product_id": "eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-ws-rs-api@3.1.0-5.redhat_00003.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el9eap.src",
"product": {
"name": "eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el9eap.src",
"product_id": "eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-validation-api@3.0.2-3.redhat_00006.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-atinject-0:2.0.1-5.redhat_00007.1.el9eap.src",
"product": {
"name": "eap8-atinject-0:2.0.1-5.redhat_00007.1.el9eap.src",
"product_id": "eap8-atinject-0:2.0.1-5.redhat_00007.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-atinject@2.0.1-5.redhat_00007.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el9eap.src",
"product": {
"name": "eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el9eap.src",
"product_id": "eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-httpcomponents-client@4.5.14-5.redhat_00016.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el9eap.src",
"product": {
"name": "eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el9eap.src",
"product_id": "eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-mail@2.1.3-3.redhat_00003.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el9eap.src",
"product": {
"name": "eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el9eap.src",
"product_id": "eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-reactive-streams@1.0.4-4.redhat_00005.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-objectweb-asm-0:9.7.1-3.redhat_00002.1.el9eap.src",
"product": {
"name": "eap8-objectweb-asm-0:9.7.1-3.redhat_00002.1.el9eap.src",
"product_id": "eap8-objectweb-asm-0:9.7.1-3.redhat_00002.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-objectweb-asm@9.7.1-3.redhat_00002.1.el9eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap8-snakeyaml-0:2.3.0-1.redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-snakeyaml-0:2.3.0-1.redhat_00002.1.el9eap.noarch",
"product_id": "eap8-snakeyaml-0:2.3.0-1.redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-snakeyaml@2.3.0-1.redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-search-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-hibernate-search-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-hibernate-search-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate-search@7.2.4-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-search-backend-elasticsearch-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-hibernate-search-backend-elasticsearch-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-hibernate-search-backend-elasticsearch-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate-search-backend-elasticsearch@7.2.4-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-search-backend-lucene-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-hibernate-search-backend-lucene-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-hibernate-search-backend-lucene-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate-search-backend-lucene@7.2.4-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-search-engine-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-hibernate-search-engine-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-hibernate-search-engine-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate-search-engine@7.2.4-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-search-mapper-orm-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-hibernate-search-mapper-orm-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-hibernate-search-mapper-orm-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate-search-mapper-orm@7.2.4-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-search-mapper-pojo-base-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-hibernate-search-mapper-pojo-base-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-hibernate-search-mapper-pojo-base-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate-search-mapper-pojo-base@7.2.4-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-search-util-common-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-hibernate-search-util-common-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-hibernate-search-util-common-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate-search-util-common@7.2.4-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el9eap.noarch",
"product_id": "eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-xml-bind-api@4.0.2-2.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el9eap.noarch",
"product_id": "eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-stax2-api@4.2.2-2.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-0:6.6.31-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-hibernate-0:6.6.31-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-hibernate-0:6.6.31-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate@6.6.31-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-core-0:6.6.31-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-hibernate-core-0:6.6.31-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-hibernate-core-0:6.6.31-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate-core@6.6.31-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-envers-0:6.6.31-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-hibernate-envers-0:6.6.31-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-hibernate-envers-0:6.6.31-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate-envers@6.6.31-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jctools-0:4.0.5-3.redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-jctools-0:4.0.5-3.redhat_00002.1.el9eap.noarch",
"product_id": "eap8-jctools-0:4.0.5-3.redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jctools@4.0.5-3.redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jctools-core-0:4.0.5-3.redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-jctools-core-0:4.0.5-3.redhat_00002.1.el9eap.noarch",
"product_id": "eap8-jctools-core-0:4.0.5-3.redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jctools-core@4.0.5-3.redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el9eap.noarch",
"product_id": "eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-stax-ex@2.1.0-3.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-parsson-0:1.1.7-3.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap8-parsson-0:1.1.7-3.redhat_00003.1.el9eap.noarch",
"product_id": "eap8-parsson-0:1.1.7-3.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-parsson@1.1.7-3.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-infinispan-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-infinispan-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product_id": "eap8-infinispan-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-infinispan@15.0.21-1.Final_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-infinispan-cachestore-jdbc-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-infinispan-cachestore-jdbc-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product_id": "eap8-infinispan-cachestore-jdbc-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-infinispan-cachestore-jdbc@15.0.21-1.Final_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-infinispan-cachestore-jdbc-common-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-infinispan-cachestore-jdbc-common-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product_id": "eap8-infinispan-cachestore-jdbc-common-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-infinispan-cachestore-jdbc-common@15.0.21-1.Final_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-infinispan-cachestore-remote-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-infinispan-cachestore-remote-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product_id": "eap8-infinispan-cachestore-remote-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-infinispan-cachestore-remote@15.0.21-1.Final_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-infinispan-cdi-common-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-infinispan-cdi-common-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product_id": "eap8-infinispan-cdi-common-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-infinispan-cdi-common@15.0.21-1.Final_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-infinispan-cdi-embedded-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-infinispan-cdi-embedded-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product_id": "eap8-infinispan-cdi-embedded-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-infinispan-cdi-embedded@15.0.21-1.Final_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-infinispan-cdi-remote-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-infinispan-cdi-remote-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product_id": "eap8-infinispan-cdi-remote-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-infinispan-cdi-remote@15.0.21-1.Final_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-infinispan-client-hotrod-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-infinispan-client-hotrod-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product_id": "eap8-infinispan-client-hotrod-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-infinispan-client-hotrod@15.0.21-1.Final_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-infinispan-clustered-counter-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-infinispan-clustered-counter-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product_id": "eap8-infinispan-clustered-counter-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-infinispan-clustered-counter@15.0.21-1.Final_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-infinispan-clustered-lock-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-infinispan-clustered-lock-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product_id": "eap8-infinispan-clustered-lock-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-infinispan-clustered-lock@15.0.21-1.Final_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-infinispan-commons-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-infinispan-commons-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product_id": "eap8-infinispan-commons-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-infinispan-commons@15.0.21-1.Final_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-infinispan-core-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-infinispan-core-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product_id": "eap8-infinispan-core-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-infinispan-core@15.0.21-1.Final_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-infinispan-hibernate-cache-commons-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-infinispan-hibernate-cache-commons-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product_id": "eap8-infinispan-hibernate-cache-commons-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-infinispan-hibernate-cache-commons@15.0.21-1.Final_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-infinispan-hibernate-cache-spi-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-infinispan-hibernate-cache-spi-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product_id": "eap8-infinispan-hibernate-cache-spi-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-infinispan-hibernate-cache-spi@15.0.21-1.Final_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-infinispan-hibernate-cache-v62-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-infinispan-hibernate-cache-v62-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product_id": "eap8-infinispan-hibernate-cache-v62-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-infinispan-hibernate-cache-v62@15.0.21-1.Final_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-infinispan-objectfilter-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-infinispan-objectfilter-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product_id": "eap8-infinispan-objectfilter-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-infinispan-objectfilter@15.0.21-1.Final_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-infinispan-query-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-infinispan-query-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product_id": "eap8-infinispan-query-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-infinispan-query@15.0.21-1.Final_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-infinispan-query-core-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-infinispan-query-core-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product_id": "eap8-infinispan-query-core-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-infinispan-query-core@15.0.21-1.Final_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-infinispan-query-dsl-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-infinispan-query-dsl-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product_id": "eap8-infinispan-query-dsl-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-infinispan-query-dsl@15.0.21-1.Final_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-infinispan-remote-query-client-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-infinispan-remote-query-client-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product_id": "eap8-infinispan-remote-query-client-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-infinispan-remote-query-client@15.0.21-1.Final_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el9eap.noarch",
"product": {
"name": "eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el9eap.noarch",
"product_id": "eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-httpcomponents-core@4.4.16-6.redhat_00011.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el9eap.noarch",
"product_id": "eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-angus-activation@2.0.2-2.redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hal-console-0:3.7.16-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-hal-console-0:3.7.16-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-hal-console-0:3.7.16-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hal-console@3.7.16-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-javadocs-0:8.1.1-2.GA_redhat_00006.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-javadocs-0:8.1.1-2.GA_redhat_00006.1.el9eap.noarch",
"product_id": "eap8-wildfly-javadocs-0:8.1.1-2.GA_redhat_00006.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-javadocs@8.1.1-2.GA_redhat_00006.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jgroups-1:5.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-jgroups-1:5.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-jgroups-1:5.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jgroups@5.3.21-1.Final_redhat_00001.1.el9eap?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el9eap.noarch",
"product_id": "eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-eclipse-jgit@6.10.1.202505221210-1.r_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-clustering-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-clustering-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-wildfly-clustering-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-clustering@5.0.11-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-clustering-cache-infinispan-common-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-clustering-cache-infinispan-common-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-wildfly-clustering-cache-infinispan-common-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-clustering-cache-infinispan-common@5.0.11-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-clustering-cache-infinispan-embedded-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-clustering-cache-infinispan-embedded-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-wildfly-clustering-cache-infinispan-embedded-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-clustering-cache-infinispan-embedded@5.0.11-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-clustering-cache-infinispan-remote-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-clustering-cache-infinispan-remote-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-wildfly-clustering-cache-infinispan-remote-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-clustering-cache-infinispan-remote@5.0.11-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-clustering-cache-spi-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-clustering-cache-spi-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-wildfly-clustering-cache-spi-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-clustering-cache-spi@5.0.11-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-clustering-context-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-clustering-context-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-wildfly-clustering-context-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-clustering-context@5.0.11-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-clustering-marshalling-jboss-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-clustering-marshalling-jboss-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-wildfly-clustering-marshalling-jboss-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-clustering-marshalling-jboss@5.0.11-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-clustering-marshalling-protostream-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-clustering-marshalling-protostream-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-wildfly-clustering-marshalling-protostream-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-clustering-marshalling-protostream@5.0.11-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-clustering-marshalling-spi-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-clustering-marshalling-spi-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-wildfly-clustering-marshalling-spi-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-clustering-marshalling-spi@5.0.11-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-clustering-server-api-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-clustering-server-api-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-wildfly-clustering-server-api-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-clustering-server-api@5.0.11-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-clustering-server-infinispan-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-clustering-server-infinispan-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-wildfly-clustering-server-infinispan-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-clustering-server-infinispan@5.0.11-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-clustering-server-jgroups-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-clustering-server-jgroups-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-wildfly-clustering-server-jgroups-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-clustering-server-jgroups@5.0.11-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-clustering-server-local-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-clustering-server-local-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-wildfly-clustering-server-local-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-clustering-server-local@5.0.11-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-clustering-server-spi-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-clustering-server-spi-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-wildfly-clustering-server-spi-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-clustering-server-spi@5.0.11-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-clustering-session-cache-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-clustering-session-cache-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-wildfly-clustering-session-cache-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-clustering-session-cache@5.0.11-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-clustering-session-infinispan-embedded-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-clustering-session-infinispan-embedded-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-wildfly-clustering-session-infinispan-embedded-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-clustering-session-infinispan-embedded@5.0.11-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-clustering-session-infinispan-remote-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-clustering-session-infinispan-remote-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-wildfly-clustering-session-infinispan-remote-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-clustering-session-infinispan-remote@5.0.11-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-clustering-session-spec-servlet-6.0-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-clustering-session-spec-servlet-6.0-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-wildfly-clustering-session-spec-servlet-6.0-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-clustering-session-spec-servlet-6.0@5.0.11-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-clustering-session-spec-spi-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-clustering-session-spec-spi-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-wildfly-clustering-session-spec-spi-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-clustering-session-spec-spi@5.0.11-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-clustering-session-spi-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-clustering-session-spi-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-wildfly-clustering-session-spi-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-clustering-session-spi@5.0.11-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jbossws-cxf@7.3.6-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-http-client-common-0:2.1.3-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-http-client-common-0:2.1.3-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-wildfly-http-client-common-0:2.1.3-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-http-client-common@2.1.3-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-http-ejb-client-0:2.1.3-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-http-ejb-client-0:2.1.3-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-wildfly-http-ejb-client-0:2.1.3-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-http-ejb-client@2.1.3-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-http-naming-client-0:2.1.3-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-http-naming-client-0:2.1.3-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-wildfly-http-naming-client-0:2.1.3-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-http-naming-client@2.1.3-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-http-transaction-client-0:2.1.3-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-http-transaction-client-0:2.1.3-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-wildfly-http-transaction-client-0:2.1.3-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-http-transaction-client@2.1.3-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-eap-product-conf-parent-0:801.2.0-1.GA_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-eap-product-conf-parent-0:801.2.0-1.GA_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-eap-product-conf-parent-0:801.2.0-1.GA_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-eap-product-conf-parent@801.2.0-1.GA_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.2.0-1.GA_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.2.0-1.GA_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.2.0-1.GA_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-eap-product-conf-wildfly-ee-feature-pack@801.2.0-1.GA_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el9eap.noarch",
"product": {
"name": "eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el9eap.noarch",
"product_id": "eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-servlet-api@6.0.0-6.redhat_00007.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-commons-lang-0:3.18.0-2.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap8-apache-commons-lang-0:3.18.0-2.redhat_00003.1.el9eap.noarch",
"product_id": "eap8-apache-commons-lang-0:3.18.0-2.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-commons-lang@3.18.0-2.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-antlr4-0:4.13.2-1.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-antlr4-0:4.13.2-1.redhat_00001.1.el9eap.noarch",
"product_id": "eap8-antlr4-0:4.13.2-1.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-antlr4@4.13.2-1.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-antlr4-runtime-0:4.13.2-1.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-antlr4-runtime-0:4.13.2-1.redhat_00001.1.el9eap.noarch",
"product_id": "eap8-antlr4-runtime-0:4.13.2-1.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-antlr4-runtime@4.13.2-1.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el9eap.noarch",
"product_id": "eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-commons-io@2.16.1-2.redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-yasson-0:3.0.4-2.redhat_00004.1.el9eap.noarch",
"product": {
"name": "eap8-yasson-0:3.0.4-2.redhat_00004.1.el9eap.noarch",
"product_id": "eap8-yasson-0:3.0.4-2.redhat_00004.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-yasson@3.0.4-2.redhat_00004.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el9eap.noarch",
"product_id": "eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-interceptor-api@2.1.0-5.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-0:8.1.2-1.GA_redhat_00004.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-0:8.1.2-1.GA_redhat_00004.1.el9eap.noarch",
"product_id": "eap8-wildfly-0:8.1.2-1.GA_redhat_00004.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly@8.1.2-1.GA_redhat_00004.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-java-jdk17-0:8.1.2-1.GA_redhat_00004.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-java-jdk17-0:8.1.2-1.GA_redhat_00004.1.el9eap.noarch",
"product_id": "eap8-wildfly-java-jdk17-0:8.1.2-1.GA_redhat_00004.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-java-jdk17@8.1.2-1.GA_redhat_00004.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-java-jdk21-0:8.1.2-1.GA_redhat_00004.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-java-jdk21-0:8.1.2-1.GA_redhat_00004.1.el9eap.noarch",
"product_id": "eap8-wildfly-java-jdk21-0:8.1.2-1.GA_redhat_00004.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-java-jdk21@8.1.2-1.GA_redhat_00004.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-modules-0:8.1.2-1.GA_redhat_00004.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-modules-0:8.1.2-1.GA_redhat_00004.1.el9eap.noarch",
"product_id": "eap8-wildfly-modules-0:8.1.2-1.GA_redhat_00004.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-modules@8.1.2-1.GA_redhat_00004.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"product": {
"name": "eap8-activemq-artemis-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"product_id": "eap8-activemq-artemis-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis@2.40.0-3.redhat_00008.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-cli-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"product": {
"name": "eap8-activemq-artemis-cli-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"product_id": "eap8-activemq-artemis-cli-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-cli@2.40.0-3.redhat_00008.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-commons-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"product": {
"name": "eap8-activemq-artemis-commons-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"product_id": "eap8-activemq-artemis-commons-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-commons@2.40.0-3.redhat_00008.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-core-client-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"product": {
"name": "eap8-activemq-artemis-core-client-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"product_id": "eap8-activemq-artemis-core-client-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-core-client@2.40.0-3.redhat_00008.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-dto-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"product": {
"name": "eap8-activemq-artemis-dto-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"product_id": "eap8-activemq-artemis-dto-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-dto@2.40.0-3.redhat_00008.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-hornetq-protocol-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"product": {
"name": "eap8-activemq-artemis-hornetq-protocol-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"product_id": "eap8-activemq-artemis-hornetq-protocol-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-hornetq-protocol@2.40.0-3.redhat_00008.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-hqclient-protocol-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"product": {
"name": "eap8-activemq-artemis-hqclient-protocol-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"product_id": "eap8-activemq-artemis-hqclient-protocol-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-hqclient-protocol@2.40.0-3.redhat_00008.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-jakarta-client-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"product": {
"name": "eap8-activemq-artemis-jakarta-client-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"product_id": "eap8-activemq-artemis-jakarta-client-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-jakarta-client@2.40.0-3.redhat_00008.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-jakarta-ra-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"product": {
"name": "eap8-activemq-artemis-jakarta-ra-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"product_id": "eap8-activemq-artemis-jakarta-ra-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-jakarta-ra@2.40.0-3.redhat_00008.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-jakarta-server-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"product": {
"name": "eap8-activemq-artemis-jakarta-server-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"product_id": "eap8-activemq-artemis-jakarta-server-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-jakarta-server@2.40.0-3.redhat_00008.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"product": {
"name": "eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"product_id": "eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-jakarta-service-extensions@2.40.0-3.redhat_00008.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-jdbc-store-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"product": {
"name": "eap8-activemq-artemis-jdbc-store-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"product_id": "eap8-activemq-artemis-jdbc-store-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-jdbc-store@2.40.0-3.redhat_00008.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-journal-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"product": {
"name": "eap8-activemq-artemis-journal-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"product_id": "eap8-activemq-artemis-journal-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-journal@2.40.0-3.redhat_00008.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-selector-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"product": {
"name": "eap8-activemq-artemis-selector-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"product_id": "eap8-activemq-artemis-selector-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-selector@2.40.0-3.redhat_00008.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-server-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"product": {
"name": "eap8-activemq-artemis-server-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"product_id": "eap8-activemq-artemis-server-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-server@2.40.0-3.redhat_00008.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el9eap.noarch",
"product_id": "eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-activation@2.1.3-2.redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el9eap.noarch",
"product": {
"name": "eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el9eap.noarch",
"product_id": "eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-annotation-api@2.1.1-5.redhat_00005.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el9eap.noarch",
"product_id": "eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-saaj-impl@3.0.4-2.redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el9eap.noarch",
"product_id": "eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-reactivex-rxjava2@2.2.21-4.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el9eap.noarch",
"product_id": "eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-ws-rs-api@3.1.0-5.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el9eap.noarch",
"product": {
"name": "eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el9eap.noarch",
"product_id": "eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-validation-api@3.0.2-3.redhat_00006.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-atinject-0:2.0.1-5.redhat_00007.1.el9eap.noarch",
"product": {
"name": "eap8-atinject-0:2.0.1-5.redhat_00007.1.el9eap.noarch",
"product_id": "eap8-atinject-0:2.0.1-5.redhat_00007.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-atinject@2.0.1-5.redhat_00007.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el9eap.noarch",
"product": {
"name": "eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el9eap.noarch",
"product_id": "eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-httpcomponents-client@4.5.14-5.redhat_00016.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el9eap.noarch",
"product_id": "eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-mail@2.1.3-3.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el9eap.noarch",
"product": {
"name": "eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el9eap.noarch",
"product_id": "eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-reactive-streams@1.0.4-4.redhat_00005.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-objectweb-asm-0:9.7.1-3.redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-objectweb-asm-0:9.7.1-3.redhat_00002.1.el9eap.noarch",
"product_id": "eap8-objectweb-asm-0:9.7.1-3.redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-objectweb-asm@9.7.1-3.redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-objectweb-asm-util-0:9.7.1-3.redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-objectweb-asm-util-0:9.7.1-3.redhat_00002.1.el9eap.noarch",
"product_id": "eap8-objectweb-asm-util-0:9.7.1-3.redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-objectweb-asm-util@9.7.1-3.redhat_00002.1.el9eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-0:2.40.0-3.redhat_00008.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-3.redhat_00008.1.el9eap.noarch"
},
"product_reference": "eap8-activemq-artemis-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-0:2.40.0-3.redhat_00008.1.el9eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-3.redhat_00008.1.el9eap.src"
},
"product_reference": "eap8-activemq-artemis-0:2.40.0-3.redhat_00008.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-cli-0:2.40.0-3.redhat_00008.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-3.redhat_00008.1.el9eap.noarch"
},
"product_reference": "eap8-activemq-artemis-cli-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-commons-0:2.40.0-3.redhat_00008.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-3.redhat_00008.1.el9eap.noarch"
},
"product_reference": "eap8-activemq-artemis-commons-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-core-client-0:2.40.0-3.redhat_00008.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-3.redhat_00008.1.el9eap.noarch"
},
"product_reference": "eap8-activemq-artemis-core-client-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-dto-0:2.40.0-3.redhat_00008.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-3.redhat_00008.1.el9eap.noarch"
},
"product_reference": "eap8-activemq-artemis-dto-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-hornetq-protocol-0:2.40.0-3.redhat_00008.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-3.redhat_00008.1.el9eap.noarch"
},
"product_reference": "eap8-activemq-artemis-hornetq-protocol-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-hqclient-protocol-0:2.40.0-3.redhat_00008.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-3.redhat_00008.1.el9eap.noarch"
},
"product_reference": "eap8-activemq-artemis-hqclient-protocol-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-jakarta-client-0:2.40.0-3.redhat_00008.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-3.redhat_00008.1.el9eap.noarch"
},
"product_reference": "eap8-activemq-artemis-jakarta-client-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-jakarta-ra-0:2.40.0-3.redhat_00008.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-3.redhat_00008.1.el9eap.noarch"
},
"product_reference": "eap8-activemq-artemis-jakarta-ra-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-jakarta-server-0:2.40.0-3.redhat_00008.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-3.redhat_00008.1.el9eap.noarch"
},
"product_reference": "eap8-activemq-artemis-jakarta-server-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-3.redhat_00008.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-3.redhat_00008.1.el9eap.noarch"
},
"product_reference": "eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-jdbc-store-0:2.40.0-3.redhat_00008.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-3.redhat_00008.1.el9eap.noarch"
},
"product_reference": "eap8-activemq-artemis-jdbc-store-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-journal-0:2.40.0-3.redhat_00008.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-3.redhat_00008.1.el9eap.noarch"
},
"product_reference": "eap8-activemq-artemis-journal-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-selector-0:2.40.0-3.redhat_00008.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-3.redhat_00008.1.el9eap.noarch"
},
"product_reference": "eap8-activemq-artemis-selector-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-server-0:2.40.0-3.redhat_00008.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-3.redhat_00008.1.el9eap.noarch"
},
"product_reference": "eap8-activemq-artemis-server-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el9eap.src"
},
"product_reference": "eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-antlr4-0:4.13.2-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-antlr4-0:4.13.2-1.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-antlr4-0:4.13.2-1.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-antlr4-0:4.13.2-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-antlr4-0:4.13.2-1.redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-antlr4-0:4.13.2-1.redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-antlr4-runtime-0:4.13.2-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-antlr4-runtime-0:4.13.2-1.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-antlr4-runtime-0:4.13.2-1.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el9eap.src"
},
"product_reference": "eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-commons-lang-0:3.18.0-2.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-apache-commons-lang-0:3.18.0-2.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap8-apache-commons-lang-0:3.18.0-2.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-commons-lang-0:3.18.0-2.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-apache-commons-lang-0:3.18.0-2.redhat_00003.1.el9eap.src"
},
"product_reference": "eap8-apache-commons-lang-0:3.18.0-2.redhat_00003.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-atinject-0:2.0.1-5.redhat_00007.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-atinject-0:2.0.1-5.redhat_00007.1.el9eap.noarch"
},
"product_reference": "eap8-atinject-0:2.0.1-5.redhat_00007.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-atinject-0:2.0.1-5.redhat_00007.1.el9eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-atinject-0:2.0.1-5.redhat_00007.1.el9eap.src"
},
"product_reference": "eap8-atinject-0:2.0.1-5.redhat_00007.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-eap-product-conf-parent-0:801.2.0-1.GA_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.2.0-1.GA_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-eap-product-conf-parent-0:801.2.0-1.GA_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-eap-product-conf-parent-0:801.2.0-1.GA_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.2.0-1.GA_redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-eap-product-conf-parent-0:801.2.0-1.GA_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.2.0-1.GA_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.2.0-1.GA_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.2.0-1.GA_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el9eap.src"
},
"product_reference": "eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hal-console-0:3.7.16-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-hal-console-0:3.7.16-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-hal-console-0:3.7.16-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hal-console-0:3.7.16-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-hal-console-0:3.7.16-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-hal-console-0:3.7.16-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-0:6.6.31-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-hibernate-0:6.6.31-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-hibernate-0:6.6.31-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-0:6.6.31-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-hibernate-0:6.6.31-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-hibernate-0:6.6.31-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-core-0:6.6.31-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.31-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-hibernate-core-0:6.6.31-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-envers-0:6.6.31-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.31-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-hibernate-envers-0:6.6.31-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-search-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-hibernate-search-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-search-0:7.2.4-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.4-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-hibernate-search-0:7.2.4-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-search-backend-elasticsearch-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-hibernate-search-backend-elasticsearch-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-search-backend-lucene-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-hibernate-search-backend-lucene-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-search-engine-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-hibernate-search-engine-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-search-mapper-orm-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-hibernate-search-mapper-orm-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-search-mapper-pojo-base-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-hibernate-search-mapper-pojo-base-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-search-util-common-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-hibernate-search-util-common-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el9eap.noarch"
},
"product_reference": "eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el9eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el9eap.src"
},
"product_reference": "eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el9eap.noarch"
},
"product_reference": "eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el9eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el9eap.src"
},
"product_reference": "eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-infinispan-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-infinispan-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-infinispan-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-infinispan-0:15.0.21-1.Final_redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-infinispan-0:15.0.21-1.Final_redhat_00002.1.el9eap.src"
},
"product_reference": "eap8-infinispan-0:15.0.21-1.Final_redhat_00002.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-infinispan-cachestore-jdbc-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-infinispan-cachestore-jdbc-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-infinispan-cachestore-jdbc-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-infinispan-cachestore-jdbc-common-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-infinispan-cachestore-jdbc-common-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-infinispan-cachestore-jdbc-common-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-infinispan-cachestore-remote-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-infinispan-cachestore-remote-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-infinispan-cachestore-remote-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-infinispan-cdi-common-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-infinispan-cdi-common-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-infinispan-cdi-common-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-infinispan-cdi-embedded-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-infinispan-cdi-embedded-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-infinispan-cdi-embedded-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-infinispan-cdi-remote-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-infinispan-cdi-remote-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-infinispan-cdi-remote-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-infinispan-client-hotrod-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-infinispan-client-hotrod-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-infinispan-client-hotrod-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-infinispan-clustered-counter-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-infinispan-clustered-counter-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-infinispan-clustered-counter-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-infinispan-clustered-lock-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-infinispan-clustered-lock-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-infinispan-clustered-lock-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-infinispan-commons-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-infinispan-commons-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-infinispan-commons-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-infinispan-core-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-infinispan-core-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-infinispan-core-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-infinispan-hibernate-cache-commons-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-infinispan-hibernate-cache-commons-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-infinispan-hibernate-cache-commons-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-infinispan-hibernate-cache-spi-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-infinispan-hibernate-cache-spi-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-infinispan-hibernate-cache-spi-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-infinispan-hibernate-cache-v62-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-infinispan-hibernate-cache-v62-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-infinispan-hibernate-cache-v62-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-infinispan-objectfilter-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-infinispan-objectfilter-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-infinispan-objectfilter-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-infinispan-query-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-infinispan-query-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-infinispan-query-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-infinispan-query-core-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-infinispan-query-core-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-infinispan-query-core-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-infinispan-query-dsl-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-infinispan-query-dsl-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-infinispan-query-dsl-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-infinispan-remote-query-client-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-infinispan-remote-query-client-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-infinispan-remote-query-client-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el9eap.src"
},
"product_reference": "eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el9eap.noarch"
},
"product_reference": "eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el9eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el9eap.src"
},
"product_reference": "eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el9eap.src"
},
"product_reference": "eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el9eap.src"
},
"product_reference": "eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el9eap.noarch"
},
"product_reference": "eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el9eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el9eap.src"
},
"product_reference": "eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el9eap.noarch"
},
"product_reference": "eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el9eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el9eap.src"
},
"product_reference": "eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el9eap.src"
},
"product_reference": "eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el9eap.src"
},
"product_reference": "eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jctools-0:4.0.5-3.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-jctools-0:4.0.5-3.redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-jctools-0:4.0.5-3.redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jctools-0:4.0.5-3.redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-jctools-0:4.0.5-3.redhat_00002.1.el9eap.src"
},
"product_reference": "eap8-jctools-0:4.0.5-3.redhat_00002.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jctools-core-0:4.0.5-3.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-jctools-core-0:4.0.5-3.redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-jctools-core-0:4.0.5-3.redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jgroups-1:5.3.21-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-jgroups-1:5.3.21-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-jgroups-1:5.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jgroups-1:5.3.21-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-jgroups-1:5.3.21-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-jgroups-1:5.3.21-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-objectweb-asm-0:9.7.1-3.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-objectweb-asm-0:9.7.1-3.redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-objectweb-asm-0:9.7.1-3.redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-objectweb-asm-0:9.7.1-3.redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-objectweb-asm-0:9.7.1-3.redhat_00002.1.el9eap.src"
},
"product_reference": "eap8-objectweb-asm-0:9.7.1-3.redhat_00002.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-objectweb-asm-util-0:9.7.1-3.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-objectweb-asm-util-0:9.7.1-3.redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-objectweb-asm-util-0:9.7.1-3.redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-parsson-0:1.1.7-3.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-parsson-0:1.1.7-3.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap8-parsson-0:1.1.7-3.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-parsson-0:1.1.7-3.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-parsson-0:1.1.7-3.redhat_00003.1.el9eap.src"
},
"product_reference": "eap8-parsson-0:1.1.7-3.redhat_00003.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el9eap.noarch"
},
"product_reference": "eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el9eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el9eap.src"
},
"product_reference": "eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el9eap.src"
},
"product_reference": "eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el9eap.src"
},
"product_reference": "eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-snakeyaml-0:2.3.0-1.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-snakeyaml-0:2.3.0-1.redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-snakeyaml-0:2.3.0-1.redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-snakeyaml-0:2.3.0-1.redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-snakeyaml-0:2.3.0-1.redhat_00002.1.el9eap.src"
},
"product_reference": "eap8-snakeyaml-0:2.3.0-1.redhat_00002.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el9eap.src"
},
"product_reference": "eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el9eap.src"
},
"product_reference": "eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-0:8.1.2-1.GA_redhat_00004.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-wildfly-0:8.1.2-1.GA_redhat_00004.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-0:8.1.2-1.GA_redhat_00004.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-0:8.1.2-1.GA_redhat_00004.1.el9eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-wildfly-0:8.1.2-1.GA_redhat_00004.1.el9eap.src"
},
"product_reference": "eap8-wildfly-0:8.1.2-1.GA_redhat_00004.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-clustering-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-wildfly-clustering-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-clustering-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-clustering-0:5.0.11-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-wildfly-clustering-0:5.0.11-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-wildfly-clustering-0:5.0.11-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-clustering-cache-infinispan-common-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-wildfly-clustering-cache-infinispan-common-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-clustering-cache-infinispan-common-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-clustering-cache-infinispan-embedded-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-wildfly-clustering-cache-infinispan-embedded-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-clustering-cache-infinispan-embedded-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-clustering-cache-infinispan-remote-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-wildfly-clustering-cache-infinispan-remote-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-clustering-cache-infinispan-remote-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-clustering-cache-spi-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-wildfly-clustering-cache-spi-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-clustering-cache-spi-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-clustering-context-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-wildfly-clustering-context-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-clustering-context-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-clustering-marshalling-jboss-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-wildfly-clustering-marshalling-jboss-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-clustering-marshalling-jboss-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-clustering-marshalling-protostream-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-wildfly-clustering-marshalling-protostream-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-clustering-marshalling-protostream-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-clustering-marshalling-spi-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-wildfly-clustering-marshalling-spi-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-clustering-marshalling-spi-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-clustering-server-api-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-wildfly-clustering-server-api-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-clustering-server-api-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-clustering-server-infinispan-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-wildfly-clustering-server-infinispan-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-clustering-server-infinispan-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-clustering-server-jgroups-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-wildfly-clustering-server-jgroups-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-clustering-server-jgroups-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-clustering-server-local-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-wildfly-clustering-server-local-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-clustering-server-local-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-clustering-server-spi-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-wildfly-clustering-server-spi-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-clustering-server-spi-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-clustering-session-cache-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-wildfly-clustering-session-cache-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-clustering-session-cache-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-clustering-session-infinispan-embedded-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-wildfly-clustering-session-infinispan-embedded-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-clustering-session-infinispan-embedded-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-clustering-session-infinispan-remote-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-wildfly-clustering-session-infinispan-remote-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-clustering-session-infinispan-remote-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-clustering-session-spec-servlet-6.0-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-wildfly-clustering-session-spec-servlet-6.0-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-clustering-session-spec-servlet-6.0-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-clustering-session-spec-spi-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-wildfly-clustering-session-spec-spi-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-clustering-session-spec-spi-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-clustering-session-spi-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-wildfly-clustering-session-spi-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-clustering-session-spi-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-http-client-0:2.1.3-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.3-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-wildfly-http-client-0:2.1.3-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-http-client-common-0:2.1.3-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.3-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-http-client-common-0:2.1.3-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-http-ejb-client-0:2.1.3-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.3-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-http-ejb-client-0:2.1.3-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-http-naming-client-0:2.1.3-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.3-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-http-naming-client-0:2.1.3-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-http-transaction-client-0:2.1.3-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.3-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-http-transaction-client-0:2.1.3-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-java-jdk17-0:8.1.2-1.GA_redhat_00004.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.2-1.GA_redhat_00004.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-java-jdk17-0:8.1.2-1.GA_redhat_00004.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-java-jdk21-0:8.1.2-1.GA_redhat_00004.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.2-1.GA_redhat_00004.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-java-jdk21-0:8.1.2-1.GA_redhat_00004.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-javadocs-0:8.1.1-2.GA_redhat_00006.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-2.GA_redhat_00006.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-javadocs-0:8.1.1-2.GA_redhat_00006.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-javadocs-0:8.1.1-2.GA_redhat_00006.1.el9eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-2.GA_redhat_00006.1.el9eap.src"
},
"product_reference": "eap8-wildfly-javadocs-0:8.1.1-2.GA_redhat_00006.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-modules-0:8.1.2-1.GA_redhat_00004.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.2-1.GA_redhat_00004.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-modules-0:8.1.2-1.GA_redhat_00004.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-yasson-0:3.0.4-2.redhat_00004.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-yasson-0:3.0.4-2.redhat_00004.1.el9eap.noarch"
},
"product_reference": "eap8-yasson-0:3.0.4-2.redhat_00004.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-yasson-0:3.0.4-2.redhat_00004.1.el9eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 9",
"product_id": "9Base-JBEAP-8.1:eap8-yasson-0:3.0.4-2.redhat_00004.1.el9eap.src"
},
"product_reference": "eap8-yasson-0:3.0.4-2.redhat_00004.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4949",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2025-05-21T07:00:48.762597+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2367730"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse JGit. This vulnerability can allow information disclosure, denial of service, and other security issues when parsing XML files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.eclipse.jgit: XXE vulnerability in Eclipse JGit",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. A flaw in Eclipse JGit allows for XML External Entity (XXE) attacks when parsing specially crafted XML files. This can lead to local denial of service in affected Red Hat products that utilize JGit\u0027s ManifestParser or AmazonS3 class for git transport. The current 9.8 rating by NVD assumes a default, server-side exploitation path. However, the vulnerability resides in the experimental AmazonS3 transport class within Eclipse JGit, which is not enabled by default and requires non-standard configuration (Attack Complexity: High). Furthermore, exploitation typically occurs via client-side tools (e.g., repo) requiring active user participation (User Interaction: Required), limiting the primary risk to local Denial of Service rather than remote, unauthenticated compromise (Availability: High).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-3.redhat_00008.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-antlr4-0:4.13.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-antlr4-0:4.13.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-antlr4-runtime-0:4.13.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-apache-commons-lang-0:3.18.0-2.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-apache-commons-lang-0:3.18.0-2.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-atinject-0:2.0.1-5.redhat_00007.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-atinject-0:2.0.1-5.redhat_00007.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.2.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.2.0-1.GA_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.2.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-hal-console-0:3.7.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-hal-console-0:3.7.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-hibernate-0:6.6.31-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-hibernate-0:6.6.31-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.31-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.31-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-infinispan-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-0:15.0.21-1.Final_redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-infinispan-cachestore-jdbc-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-cachestore-jdbc-common-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-cachestore-remote-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-cdi-common-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-cdi-embedded-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-cdi-remote-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-client-hotrod-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-clustered-counter-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-clustered-lock-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-commons-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-core-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-hibernate-cache-commons-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-hibernate-cache-spi-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-hibernate-cache-v62-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-objectfilter-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-query-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-query-core-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-query-dsl-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-remote-query-client-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-jctools-0:4.0.5-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-jctools-0:4.0.5-3.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-jctools-core-0:4.0.5-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-jgroups-1:5.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-jgroups-1:5.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-objectweb-asm-0:9.7.1-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-objectweb-asm-0:9.7.1-3.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-objectweb-asm-util-0:9.7.1-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-parsson-0:1.1.7-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-parsson-0:1.1.7-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-snakeyaml-0:2.3.0-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-snakeyaml-0:2.3.0-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-wildfly-0:8.1.2-1.GA_redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-0:8.1.2-1.GA_redhat_00004.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-0:5.0.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-cache-infinispan-common-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-cache-infinispan-embedded-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-cache-infinispan-remote-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-cache-spi-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-context-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-marshalling-jboss-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-marshalling-protostream-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-marshalling-spi-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-server-api-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-server-infinispan-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-server-jgroups-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-server-local-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-server-spi-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-session-cache-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-session-infinispan-embedded-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-session-infinispan-remote-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-session-spec-servlet-6.0-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-session-spec-spi-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-session-spi-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.2-1.GA_redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.2-1.GA_redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-2.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-2.GA_redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.2-1.GA_redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-yasson-0:3.0.4-2.redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-yasson-0:3.0.4-2.redhat_00004.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4949"
},
{
"category": "external",
"summary": "RHBZ#2367730",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367730"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4949",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4949"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4949",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4949"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281",
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281"
},
{
"category": "external",
"summary": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1",
"url": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1"
}
],
"release_date": "2025-05-21T06:47:19.777000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-26T16:59:23+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-3.redhat_00008.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-antlr4-0:4.13.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-antlr4-0:4.13.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-antlr4-runtime-0:4.13.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-apache-commons-lang-0:3.18.0-2.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-apache-commons-lang-0:3.18.0-2.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-atinject-0:2.0.1-5.redhat_00007.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-atinject-0:2.0.1-5.redhat_00007.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.2.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.2.0-1.GA_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.2.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-hal-console-0:3.7.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-hal-console-0:3.7.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-hibernate-0:6.6.31-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-hibernate-0:6.6.31-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.31-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.31-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-infinispan-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-0:15.0.21-1.Final_redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-infinispan-cachestore-jdbc-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-cachestore-jdbc-common-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-cachestore-remote-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-cdi-common-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-cdi-embedded-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-cdi-remote-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-client-hotrod-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-clustered-counter-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-clustered-lock-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-commons-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-core-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-hibernate-cache-commons-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-hibernate-cache-spi-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-hibernate-cache-v62-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-objectfilter-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-query-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-query-core-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-query-dsl-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-remote-query-client-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-jctools-0:4.0.5-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-jctools-0:4.0.5-3.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-jctools-core-0:4.0.5-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-jgroups-1:5.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-jgroups-1:5.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-objectweb-asm-0:9.7.1-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-objectweb-asm-0:9.7.1-3.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-objectweb-asm-util-0:9.7.1-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-parsson-0:1.1.7-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-parsson-0:1.1.7-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-snakeyaml-0:2.3.0-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-snakeyaml-0:2.3.0-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-wildfly-0:8.1.2-1.GA_redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-0:8.1.2-1.GA_redhat_00004.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-0:5.0.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-cache-infinispan-common-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-cache-infinispan-embedded-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-cache-infinispan-remote-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-cache-spi-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-context-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-marshalling-jboss-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-marshalling-protostream-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-marshalling-spi-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-server-api-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-server-infinispan-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-server-jgroups-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-server-local-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-server-spi-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-session-cache-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-session-infinispan-embedded-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-session-infinispan-remote-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-session-spec-servlet-6.0-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-session-spec-spi-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-session-spi-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.2-1.GA_redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.2-1.GA_redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-2.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-2.GA_redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.2-1.GA_redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-yasson-0:3.0.4-2.redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-yasson-0:3.0.4-2.redhat_00004.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22188"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-3.redhat_00008.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-3.redhat_00008.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-antlr4-0:4.13.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-antlr4-0:4.13.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-antlr4-runtime-0:4.13.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-apache-commons-lang-0:3.18.0-2.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-apache-commons-lang-0:3.18.0-2.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-atinject-0:2.0.1-5.redhat_00007.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-atinject-0:2.0.1-5.redhat_00007.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.2.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.2.0-1.GA_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.2.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-hal-console-0:3.7.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-hal-console-0:3.7.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-hibernate-0:6.6.31-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-hibernate-0:6.6.31-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.31-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.31-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.4-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.4-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-infinispan-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-0:15.0.21-1.Final_redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-infinispan-cachestore-jdbc-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-cachestore-jdbc-common-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-cachestore-remote-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-cdi-common-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-cdi-embedded-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-cdi-remote-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-client-hotrod-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-clustered-counter-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-clustered-lock-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-commons-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-core-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-hibernate-cache-commons-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-hibernate-cache-spi-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-hibernate-cache-v62-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-objectfilter-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-query-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-query-core-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-query-dsl-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-infinispan-remote-query-client-0:15.0.21-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-jctools-0:4.0.5-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-jctools-0:4.0.5-3.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-jctools-core-0:4.0.5-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-jgroups-1:5.3.21-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-jgroups-1:5.3.21-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-objectweb-asm-0:9.7.1-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-objectweb-asm-0:9.7.1-3.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-objectweb-asm-util-0:9.7.1-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-parsson-0:1.1.7-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-parsson-0:1.1.7-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-snakeyaml-0:2.3.0-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-snakeyaml-0:2.3.0-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-wildfly-0:8.1.2-1.GA_redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-0:8.1.2-1.GA_redhat_00004.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-0:5.0.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-cache-infinispan-common-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-cache-infinispan-embedded-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-cache-infinispan-remote-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-cache-spi-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-context-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-marshalling-jboss-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-marshalling-protostream-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-marshalling-spi-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-server-api-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-server-infinispan-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-server-jgroups-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-server-local-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-server-spi-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-session-cache-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-session-infinispan-embedded-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-session-infinispan-remote-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-session-spec-servlet-6.0-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-session-spec-spi-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-clustering-session-spi-0:5.0.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.2-1.GA_redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.2-1.GA_redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-2.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-2.GA_redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.2-1.GA_redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-yasson-0:3.0.4-2.redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-8.1:eap8-yasson-0:3.0.4-2.redhat_00004.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.eclipse.jgit: XXE vulnerability in Eclipse JGit"
}
]
}
RHSA-2025:23488
Vulnerability from csaf_redhat - Published: 2025-12-17 13:43 - Updated: 2026-03-18 16:08Summary
Red Hat Security Advisory: Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.19 security update.
Notes
Topic
An update for Openshift Jenkins is now available for Red Hat OpenShift Developer Tools - OpenShift Jenkins 4.19.
Details
Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.19 security update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Openshift Jenkins is now available for Red Hat OpenShift Developer Tools - OpenShift Jenkins 4.19.",
"title": "Topic"
},
{
"category": "general",
"text": "Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.19 security update.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23488",
"url": "https://access.redhat.com/errata/RHSA-2025:23488"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-4949",
"url": "https://access.redhat.com/security/cve/CVE-2025-4949"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-67635",
"url": "https://access.redhat.com/security/cve/CVE-2025-67635"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23488.json"
}
],
"title": "Red Hat Security Advisory: Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.19 security update.",
"tracking": {
"current_release_date": "2026-03-18T16:08:36+00:00",
"generator": {
"date": "2026-03-18T16:08:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2025:23488",
"initial_release_date": "2025-12-17T13:43:38+00:00",
"revision_history": [
{
"date": "2025-12-17T13:43:38+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-17T13:43:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T16:08:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services 4.19",
"product": {
"name": "OpenShift Developer Tools and Services 4.19",
"product_id": "OpenShift Developer Tools and Services 4.19",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.19::el9"
}
}
}
],
"category": "product_family",
"name": "OpenShift Developer Tools and Services"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-agent-base-rhel9@sha256%3A9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7?arch=amd64\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.19.0-1765868580"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-rhel9@sha256%3A824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb?arch=amd64\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.19.0-1765868606"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-agent-base-rhel9@sha256%3A12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e?arch=arm64\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.19.0-1765868580"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-rhel9@sha256%3Ac19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b?arch=arm64\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.19.0-1765868606"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-agent-base-rhel9@sha256%3A50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c?arch=ppc64le\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.19.0-1765868580"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-rhel9@sha256%3A60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed?arch=ppc64le\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.19.0-1765868606"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-agent-base-rhel9@sha256%3A7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241?arch=s390x\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.19.0-1765868580"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-rhel9@sha256%3A639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad?arch=s390x\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.19.0-1765868606"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64 as a component of OpenShift Developer Tools and Services 4.19",
"product_id": "OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le as a component of OpenShift Developer Tools and Services 4.19",
"product_id": "OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x as a component of OpenShift Developer Tools and Services 4.19",
"product_id": "OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64 as a component of OpenShift Developer Tools and Services 4.19",
"product_id": "OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le as a component of OpenShift Developer Tools and Services 4.19",
"product_id": "OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x as a component of OpenShift Developer Tools and Services 4.19",
"product_id": "OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64 as a component of OpenShift Developer Tools and Services 4.19",
"product_id": "OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64 as a component of OpenShift Developer Tools and Services 4.19",
"product_id": "OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.19"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4949",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2025-05-21T07:00:48.762597+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2367730"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse JGit. This vulnerability can allow information disclosure, denial of service, and other security issues when parsing XML files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.eclipse.jgit: XXE vulnerability in Eclipse JGit",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. A flaw in Eclipse JGit allows for XML External Entity (XXE) attacks when parsing specially crafted XML files. This can lead to local denial of service in affected Red Hat products that utilize JGit\u0027s ManifestParser or AmazonS3 class for git transport. The current 9.8 rating by NVD assumes a default, server-side exploitation path. However, the vulnerability resides in the experimental AmazonS3 transport class within Eclipse JGit, which is not enabled by default and requires non-standard configuration (Attack Complexity: High). Furthermore, exploitation typically occurs via client-side tools (e.g., repo) requiring active user participation (User Interaction: Required), limiting the primary risk to local Denial of Service rather than remote, unauthenticated compromise (Availability: High).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64"
],
"known_not_affected": [
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4949"
},
{
"category": "external",
"summary": "RHBZ#2367730",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367730"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4949",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4949"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4949",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4949"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281",
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281"
},
{
"category": "external",
"summary": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1",
"url": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1"
}
],
"release_date": "2025-05-21T06:47:19.777000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T13:43:38+00:00",
"details": "It is recommended that existing users of Red Hat OpenShift Developer Tools - OpenShift Jenkins 4.19 upgrade to the latest. This update includes a newer OpenShift client (oc) version bundled in the image. If your Jenkins pipelines require a specific oc version, configure it explicitly using the Jenkins pipeline tools directive.",
"product_ids": [
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23488"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64",
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.eclipse.jgit: XXE vulnerability in Eclipse JGit"
},
{
"cve": "CVE-2025-67635",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"discovery_date": "2025-12-10T17:01:24.450765+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2420998"
}
],
"notes": [
{
"category": "description",
"text": "Jenkins does not properly close HTTP-based CLI connections when the connection stream becomes corrupted, allowing unauthenticated attackers to cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.jenkins-ci.main/jenkins-core: Jenkins HTTP connection mis-handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64"
],
"known_not_affected": [
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-67635"
},
{
"category": "external",
"summary": "RHBZ#2420998",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420998"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-67635",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-67635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67635"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2025-12-10/#SECURITY-3630",
"url": "https://www.jenkins.io/security/advisory/2025-12-10/#SECURITY-3630"
}
],
"release_date": "2025-12-10T16:50:35.491000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T13:43:38+00:00",
"details": "It is recommended that existing users of Red Hat OpenShift Developer Tools - OpenShift Jenkins 4.19 upgrade to the latest. This update includes a newer OpenShift client (oc) version bundled in the image. If your Jenkins pipelines require a specific oc version, configure it explicitly using the Jenkins pipeline tools directive.",
"product_ids": [
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23488"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64",
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64",
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"OpenShift Developer Tools and Services 4.19:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.jenkins-ci.main/jenkins-core: Jenkins HTTP connection mis-handling"
}
]
}
RHSA-2025:22773
Vulnerability from csaf_redhat - Published: 2025-12-04 18:04 - Updated: 2026-03-18 16:08Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.11 security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.11 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.0.10, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 8.0.11 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* org.eclipse.jgit: XXE vulnerability in Eclipse JGit [eap-8.0.z] (CVE-2025-4949)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.11 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.0.10, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 8.0.11 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* org.eclipse.jgit: XXE vulnerability in Eclipse JGit [eap-8.0.z] (CVE-2025-4949)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:22773",
"url": "https://access.redhat.com/errata/RHSA-2025:22773"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.0",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.0"
},
{
"category": "external",
"summary": "https://access.redhat.com/articles/7120566",
"url": "https://access.redhat.com/articles/7120566"
},
{
"category": "external",
"summary": "2367730",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367730"
},
{
"category": "external",
"summary": "JBEAP-28993",
"url": "https://issues.redhat.com/browse/JBEAP-28993"
},
{
"category": "external",
"summary": "JBEAP-30584",
"url": "https://issues.redhat.com/browse/JBEAP-30584"
},
{
"category": "external",
"summary": "JBEAP-30976",
"url": "https://issues.redhat.com/browse/JBEAP-30976"
},
{
"category": "external",
"summary": "JBEAP-31001",
"url": "https://issues.redhat.com/browse/JBEAP-31001"
},
{
"category": "external",
"summary": "JBEAP-31031",
"url": "https://issues.redhat.com/browse/JBEAP-31031"
},
{
"category": "external",
"summary": "JBEAP-31074",
"url": "https://issues.redhat.com/browse/JBEAP-31074"
},
{
"category": "external",
"summary": "JBEAP-31253",
"url": "https://issues.redhat.com/browse/JBEAP-31253"
},
{
"category": "external",
"summary": "JBEAP-31260",
"url": "https://issues.redhat.com/browse/JBEAP-31260"
},
{
"category": "external",
"summary": "JBEAP-31290",
"url": "https://issues.redhat.com/browse/JBEAP-31290"
},
{
"category": "external",
"summary": "JBEAP-31339",
"url": "https://issues.redhat.com/browse/JBEAP-31339"
},
{
"category": "external",
"summary": "JBEAP-31377",
"url": "https://issues.redhat.com/browse/JBEAP-31377"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_22773.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.11 security update",
"tracking": {
"current_release_date": "2026-03-18T16:08:33+00:00",
"generator": {
"date": "2026-03-18T16:08:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2025:22773",
"initial_release_date": "2025-12-04T18:04:02+00:00",
"revision_history": [
{
"date": "2025-12-04T18:04:02+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-16T19:11:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T16:08:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 8.0 for RHEL 8",
"product": {
"name": "Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el8eap.src",
"product": {
"name": "eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el8eap.src",
"product_id": "eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-stax2-api@4.2.2-2.redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jctools-0:4.0.5-3.redhat_00002.1.el8eap.src",
"product": {
"name": "eap8-jctools-0:4.0.5-3.redhat_00002.1.el8eap.src",
"product_id": "eap8-jctools-0:4.0.5-3.redhat_00002.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jctools@4.0.5-3.redhat_00002.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el8eap.src",
"product": {
"name": "eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el8eap.src",
"product_id": "eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-servlet-api@6.0.0-6.redhat_00007.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el8eap.src",
"product": {
"name": "eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el8eap.src",
"product_id": "eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-ws-rs-api@3.1.0-5.redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-parsson-0:1.1.7-3.redhat_00003.1.el8eap.src",
"product": {
"name": "eap8-parsson-0:1.1.7-3.redhat_00003.1.el8eap.src",
"product_id": "eap8-parsson-0:1.1.7-3.redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-parsson@1.1.7-3.redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el8eap.src",
"product": {
"name": "eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el8eap.src",
"product_id": "eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-saaj-impl@3.0.4-2.redhat_00002.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el8eap.src",
"product": {
"name": "eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el8eap.src",
"product_id": "eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-stax-ex@2.1.0-3.redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el8eap.src",
"product": {
"name": "eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el8eap.src",
"product_id": "eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-xml-bind-api@4.0.2-2.redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el8eap.src",
"product": {
"name": "eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el8eap.src",
"product_id": "eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-activation@2.1.3-2.redhat_00002.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el8eap.src",
"product": {
"name": "eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el8eap.src",
"product_id": "eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-mail@2.1.3-3.redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-atinject-0:2.0.1-5.redhat_00007.1.el8eap.src",
"product": {
"name": "eap8-atinject-0:2.0.1-5.redhat_00007.1.el8eap.src",
"product_id": "eap8-atinject-0:2.0.1-5.redhat_00007.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-atinject@2.0.1-5.redhat_00007.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el8eap.src",
"product": {
"name": "eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el8eap.src",
"product_id": "eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-interceptor-api@2.1.0-5.redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el8eap.src",
"product": {
"name": "eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el8eap.src",
"product_id": "eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-reactive-streams@1.0.4-4.redhat_00005.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-yasson-0:3.0.4-2.redhat_00004.1.el8eap.src",
"product": {
"name": "eap8-yasson-0:3.0.4-2.redhat_00004.1.el8eap.src",
"product_id": "eap8-yasson-0:3.0.4-2.redhat_00004.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-yasson@3.0.4-2.redhat_00004.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-elytron-0:2.2.12-1.Final_redhat_00002.1.el8eap.src",
"product": {
"name": "eap8-wildfly-elytron-0:2.2.12-1.Final_redhat_00002.1.el8eap.src",
"product_id": "eap8-wildfly-elytron-0:2.2.12-1.Final_redhat_00002.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-elytron@2.2.12-1.Final_redhat_00002.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el8eap.src",
"product": {
"name": "eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el8eap.src",
"product_id": "eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-annotation-api@2.1.1-5.redhat_00005.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el8eap.src",
"product": {
"name": "eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el8eap.src",
"product_id": "eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-validation-api@3.0.2-3.redhat_00006.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el8eap.src",
"product": {
"name": "eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el8eap.src",
"product_id": "eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-commons-io@2.16.1-2.redhat_00002.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-sun-istack-commons-0:4.1.2-2.redhat_00003.1.el8eap.src",
"product": {
"name": "eap8-sun-istack-commons-0:4.1.2-2.redhat_00003.1.el8eap.src",
"product_id": "eap8-sun-istack-commons-0:4.1.2-2.redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-sun-istack-commons@4.1.2-2.redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jbossws-cxf@7.3.6-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el8eap.src",
"product": {
"name": "eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el8eap.src",
"product_id": "eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-eclipse-jgit@6.10.1.202505221210-1.r_redhat_00002.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-validator-0:8.0.2-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-hibernate-validator-0:8.0.2-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap8-hibernate-validator-0:8.0.2-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate-validator@8.0.2-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-eap-product-conf-parent-0:800.11.0-1.GA_redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-eap-product-conf-parent-0:800.11.0-1.GA_redhat_00001.1.el8eap.src",
"product_id": "eap8-eap-product-conf-parent-0:800.11.0-1.GA_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-eap-product-conf-parent@800.11.0-1.GA_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-0:6.2.46-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-hibernate-0:6.2.46-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap8-hibernate-0:6.2.46-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate@6.2.46-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-hal-console-0:3.6.27-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-hal-console-0:3.6.27-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap8-hal-console-0:3.6.27-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hal-console@3.6.27-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jboss-el-api_5.0_spec-0:4.0.2-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-jboss-el-api_5.0_spec-0:4.0.2-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap8-jboss-el-api_5.0_spec-0:4.0.2-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jboss-el-api_5.0_spec@4.0.2-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-bouncycastle-0:1.82.0-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-bouncycastle-0:1.82.0-1.redhat_00001.1.el8eap.src",
"product_id": "eap8-bouncycastle-0:1.82.0-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-bouncycastle@1.82.0-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-0:8.0.11-1.GA_redhat_00002.1.el8eap.src",
"product": {
"name": "eap8-wildfly-0:8.0.11-1.GA_redhat_00002.1.el8eap.src",
"product_id": "eap8-wildfly-0:8.0.11-1.GA_redhat_00002.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly@8.0.11-1.GA_redhat_00002.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el8eap.src",
"product": {
"name": "eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el8eap.src",
"product_id": "eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-reactivex-rxjava2@2.2.21-4.redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el8eap.src",
"product": {
"name": "eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el8eap.src",
"product_id": "eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-angus-activation@2.0.2-2.redhat_00002.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-installation-manager-api-0:1.0.3-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-installation-manager-api-0:1.0.3-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap8-installation-manager-api-0:1.0.3-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-installation-manager-api@1.0.3-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-enterprise-concurrent-0:3.0.2-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-jakarta-enterprise-concurrent-0:3.0.2-1.redhat_00001.1.el8eap.src",
"product_id": "eap8-jakarta-enterprise-concurrent-0:3.0.2-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-enterprise-concurrent@3.0.2-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el8eap.src",
"product": {
"name": "eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el8eap.src",
"product_id": "eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-httpcomponents-client@4.5.14-5.redhat_00016.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el8eap.src",
"product": {
"name": "eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el8eap.src",
"product_id": "eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-httpcomponents-core@4.4.16-6.redhat_00011.1.el8eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el8eap.noarch",
"product_id": "eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-stax2-api@4.2.2-2.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jctools-0:4.0.5-3.redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-jctools-0:4.0.5-3.redhat_00002.1.el8eap.noarch",
"product_id": "eap8-jctools-0:4.0.5-3.redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jctools@4.0.5-3.redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jctools-core-0:4.0.5-3.redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-jctools-core-0:4.0.5-3.redhat_00002.1.el8eap.noarch",
"product_id": "eap8-jctools-core-0:4.0.5-3.redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jctools-core@4.0.5-3.redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el8eap.noarch",
"product": {
"name": "eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el8eap.noarch",
"product_id": "eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-servlet-api@6.0.0-6.redhat_00007.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el8eap.noarch",
"product_id": "eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-ws-rs-api@3.1.0-5.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-parsson-0:1.1.7-3.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap8-parsson-0:1.1.7-3.redhat_00003.1.el8eap.noarch",
"product_id": "eap8-parsson-0:1.1.7-3.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-parsson@1.1.7-3.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el8eap.noarch",
"product_id": "eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-saaj-impl@3.0.4-2.redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el8eap.noarch",
"product_id": "eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-stax-ex@2.1.0-3.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el8eap.noarch",
"product_id": "eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-xml-bind-api@4.0.2-2.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el8eap.noarch",
"product_id": "eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-activation@2.1.3-2.redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el8eap.noarch",
"product_id": "eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-mail@2.1.3-3.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-atinject-0:2.0.1-5.redhat_00007.1.el8eap.noarch",
"product": {
"name": "eap8-atinject-0:2.0.1-5.redhat_00007.1.el8eap.noarch",
"product_id": "eap8-atinject-0:2.0.1-5.redhat_00007.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-atinject@2.0.1-5.redhat_00007.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el8eap.noarch",
"product_id": "eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-interceptor-api@2.1.0-5.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el8eap.noarch",
"product": {
"name": "eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el8eap.noarch",
"product_id": "eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-reactive-streams@1.0.4-4.redhat_00005.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-yasson-0:3.0.4-2.redhat_00004.1.el8eap.noarch",
"product": {
"name": "eap8-yasson-0:3.0.4-2.redhat_00004.1.el8eap.noarch",
"product_id": "eap8-yasson-0:3.0.4-2.redhat_00004.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-yasson@3.0.4-2.redhat_00004.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-elytron-0:2.2.12-1.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-elytron-0:2.2.12-1.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap8-wildfly-elytron-0:2.2.12-1.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-elytron@2.2.12-1.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-elytron-tool-0:2.2.12-1.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-elytron-tool-0:2.2.12-1.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap8-wildfly-elytron-tool-0:2.2.12-1.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-elytron-tool@2.2.12-1.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el8eap.noarch",
"product": {
"name": "eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el8eap.noarch",
"product_id": "eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-annotation-api@2.1.1-5.redhat_00005.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el8eap.noarch",
"product": {
"name": "eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el8eap.noarch",
"product_id": "eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-validation-api@3.0.2-3.redhat_00006.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el8eap.noarch",
"product_id": "eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-commons-io@2.16.1-2.redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-istack-commons-runtime-0:4.1.2-2.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap8-istack-commons-runtime-0:4.1.2-2.redhat_00003.1.el8eap.noarch",
"product_id": "eap8-istack-commons-runtime-0:4.1.2-2.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-istack-commons-runtime@4.1.2-2.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-istack-commons-tools-0:4.1.2-2.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap8-istack-commons-tools-0:4.1.2-2.redhat_00003.1.el8eap.noarch",
"product_id": "eap8-istack-commons-tools-0:4.1.2-2.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-istack-commons-tools@4.1.2-2.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-sun-istack-commons-0:4.1.2-2.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap8-sun-istack-commons-0:4.1.2-2.redhat_00003.1.el8eap.noarch",
"product_id": "eap8-sun-istack-commons-0:4.1.2-2.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-sun-istack-commons@4.1.2-2.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jbossws-cxf@7.3.6-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el8eap.noarch",
"product_id": "eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-eclipse-jgit@6.10.1.202505221210-1.r_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-validator-0:8.0.2-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-hibernate-validator-0:8.0.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-hibernate-validator-0:8.0.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate-validator@8.0.2-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-validator-cdi-0:8.0.2-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-hibernate-validator-cdi-0:8.0.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-hibernate-validator-cdi-0:8.0.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate-validator-cdi@8.0.2-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-eap-product-conf-parent-0:800.11.0-1.GA_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-eap-product-conf-parent-0:800.11.0-1.GA_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-eap-product-conf-parent-0:800.11.0-1.GA_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-eap-product-conf-parent@800.11.0-1.GA_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.11.0-1.GA_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.11.0-1.GA_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.11.0-1.GA_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-eap-product-conf-wildfly-ee-feature-pack@800.11.0-1.GA_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-0:6.2.46-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-hibernate-0:6.2.46-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-hibernate-0:6.2.46-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate@6.2.46-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-core-0:6.2.46-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-hibernate-core-0:6.2.46-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-hibernate-core-0:6.2.46-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate-core@6.2.46-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-envers-0:6.2.46-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-hibernate-envers-0:6.2.46-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-hibernate-envers-0:6.2.46-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate-envers@6.2.46-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hal-console-0:3.6.27-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-hal-console-0:3.6.27-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-hal-console-0:3.6.27-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hal-console@3.6.27-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jboss-el-api_5.0_spec-0:4.0.2-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-jboss-el-api_5.0_spec-0:4.0.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-jboss-el-api_5.0_spec-0:4.0.2-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jboss-el-api_5.0_spec@4.0.2-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-bouncycastle-0:1.82.0-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-bouncycastle-0:1.82.0-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap8-bouncycastle-0:1.82.0-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-bouncycastle@1.82.0-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-bouncycastle-jmail-0:1.82.0-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-bouncycastle-jmail-0:1.82.0-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap8-bouncycastle-jmail-0:1.82.0-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-bouncycastle-jmail@1.82.0-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-bouncycastle-pg-0:1.82.0-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-bouncycastle-pg-0:1.82.0-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap8-bouncycastle-pg-0:1.82.0-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-bouncycastle-pg@1.82.0-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-bouncycastle-pkix-0:1.82.0-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-bouncycastle-pkix-0:1.82.0-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap8-bouncycastle-pkix-0:1.82.0-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-bouncycastle-pkix@1.82.0-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-bouncycastle-prov-0:1.82.0-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-bouncycastle-prov-0:1.82.0-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap8-bouncycastle-prov-0:1.82.0-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-bouncycastle-prov@1.82.0-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-bouncycastle-util-0:1.82.0-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-bouncycastle-util-0:1.82.0-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap8-bouncycastle-util-0:1.82.0-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-bouncycastle-util@1.82.0-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-0:8.0.11-1.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-0:8.0.11-1.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap8-wildfly-0:8.0.11-1.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly@8.0.11-1.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-java-jdk11-0:8.0.11-1.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-java-jdk11-0:8.0.11-1.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap8-wildfly-java-jdk11-0:8.0.11-1.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-java-jdk11@8.0.11-1.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-java-jdk17-0:8.0.11-1.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-java-jdk17-0:8.0.11-1.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap8-wildfly-java-jdk17-0:8.0.11-1.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-java-jdk17@8.0.11-1.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-java-jdk21-0:8.0.11-1.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-java-jdk21-0:8.0.11-1.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap8-wildfly-java-jdk21-0:8.0.11-1.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-java-jdk21@8.0.11-1.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-modules-0:8.0.11-1.GA_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-modules-0:8.0.11-1.GA_redhat_00002.1.el8eap.noarch",
"product_id": "eap8-wildfly-modules-0:8.0.11-1.GA_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-modules@8.0.11-1.GA_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el8eap.noarch",
"product_id": "eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-reactivex-rxjava2@2.2.21-4.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el8eap.noarch",
"product_id": "eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-angus-activation@2.0.2-2.redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-installation-manager-api-0:1.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-installation-manager-api-0:1.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-installation-manager-api-0:1.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-installation-manager-api@1.0.3-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-enterprise-concurrent-0:3.0.2-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-jakarta-enterprise-concurrent-0:3.0.2-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap8-jakarta-enterprise-concurrent-0:3.0.2-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-enterprise-concurrent@3.0.2-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el8eap.noarch",
"product": {
"name": "eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el8eap.noarch",
"product_id": "eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-httpcomponents-client@4.5.14-5.redhat_00016.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el8eap.noarch",
"product": {
"name": "eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el8eap.noarch",
"product_id": "eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-httpcomponents-core@4.4.16-6.redhat_00011.1.el8eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el8eap.src"
},
"product_reference": "eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el8eap.src"
},
"product_reference": "eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-atinject-0:2.0.1-5.redhat_00007.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-atinject-0:2.0.1-5.redhat_00007.1.el8eap.noarch"
},
"product_reference": "eap8-atinject-0:2.0.1-5.redhat_00007.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-atinject-0:2.0.1-5.redhat_00007.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-atinject-0:2.0.1-5.redhat_00007.1.el8eap.src"
},
"product_reference": "eap8-atinject-0:2.0.1-5.redhat_00007.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-bouncycastle-0:1.82.0-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-bouncycastle-0:1.82.0-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-bouncycastle-0:1.82.0-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-bouncycastle-0:1.82.0-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-bouncycastle-0:1.82.0-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-bouncycastle-0:1.82.0-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-bouncycastle-jmail-0:1.82.0-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-bouncycastle-jmail-0:1.82.0-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-bouncycastle-jmail-0:1.82.0-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-bouncycastle-pg-0:1.82.0-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-bouncycastle-pg-0:1.82.0-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-bouncycastle-pg-0:1.82.0-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-bouncycastle-pkix-0:1.82.0-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-bouncycastle-pkix-0:1.82.0-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-bouncycastle-pkix-0:1.82.0-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-bouncycastle-prov-0:1.82.0-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-bouncycastle-prov-0:1.82.0-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-bouncycastle-prov-0:1.82.0-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-bouncycastle-util-0:1.82.0-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-bouncycastle-util-0:1.82.0-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-bouncycastle-util-0:1.82.0-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-eap-product-conf-parent-0:800.11.0-1.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.11.0-1.GA_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-eap-product-conf-parent-0:800.11.0-1.GA_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-eap-product-conf-parent-0:800.11.0-1.GA_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.11.0-1.GA_redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-eap-product-conf-parent-0:800.11.0-1.GA_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.11.0-1.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.11.0-1.GA_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.11.0-1.GA_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el8eap.src"
},
"product_reference": "eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hal-console-0:3.6.27-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-hal-console-0:3.6.27-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-hal-console-0:3.6.27-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hal-console-0:3.6.27-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-hal-console-0:3.6.27-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-hal-console-0:3.6.27-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-0:6.2.46-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-hibernate-0:6.2.46-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-hibernate-0:6.2.46-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-0:6.2.46-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-hibernate-0:6.2.46-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-hibernate-0:6.2.46-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-core-0:6.2.46-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.46-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-hibernate-core-0:6.2.46-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-envers-0:6.2.46-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.46-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-hibernate-envers-0:6.2.46-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-validator-0:8.0.2-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-hibernate-validator-0:8.0.2-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-hibernate-validator-0:8.0.2-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-validator-0:8.0.2-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-hibernate-validator-0:8.0.2-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-hibernate-validator-0:8.0.2-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-validator-cdi-0:8.0.2-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-hibernate-validator-cdi-0:8.0.2-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-hibernate-validator-cdi-0:8.0.2-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el8eap.noarch"
},
"product_reference": "eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el8eap.src"
},
"product_reference": "eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el8eap.noarch"
},
"product_reference": "eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el8eap.src"
},
"product_reference": "eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-installation-manager-api-0:1.0.3-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-installation-manager-api-0:1.0.3-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-installation-manager-api-0:1.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-installation-manager-api-0:1.0.3-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-installation-manager-api-0:1.0.3-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-installation-manager-api-0:1.0.3-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-istack-commons-runtime-0:4.1.2-2.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-istack-commons-runtime-0:4.1.2-2.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap8-istack-commons-runtime-0:4.1.2-2.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-istack-commons-tools-0:4.1.2-2.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-istack-commons-tools-0:4.1.2-2.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap8-istack-commons-tools-0:4.1.2-2.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el8eap.src"
},
"product_reference": "eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el8eap.noarch"
},
"product_reference": "eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el8eap.src"
},
"product_reference": "eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-enterprise-concurrent-0:3.0.2-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-jakarta-enterprise-concurrent-0:3.0.2-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-jakarta-enterprise-concurrent-0:3.0.2-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-enterprise-concurrent-0:3.0.2-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-jakarta-enterprise-concurrent-0:3.0.2-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-jakarta-enterprise-concurrent-0:3.0.2-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el8eap.src"
},
"product_reference": "eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el8eap.src"
},
"product_reference": "eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el8eap.noarch"
},
"product_reference": "eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el8eap.src"
},
"product_reference": "eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el8eap.noarch"
},
"product_reference": "eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el8eap.src"
},
"product_reference": "eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el8eap.src"
},
"product_reference": "eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el8eap.src"
},
"product_reference": "eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jboss-el-api_5.0_spec-0:4.0.2-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-jboss-el-api_5.0_spec-0:4.0.2-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-jboss-el-api_5.0_spec-0:4.0.2-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jboss-el-api_5.0_spec-0:4.0.2-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-jboss-el-api_5.0_spec-0:4.0.2-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-jboss-el-api_5.0_spec-0:4.0.2-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jctools-0:4.0.5-3.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-jctools-0:4.0.5-3.redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-jctools-0:4.0.5-3.redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jctools-0:4.0.5-3.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-jctools-0:4.0.5-3.redhat_00002.1.el8eap.src"
},
"product_reference": "eap8-jctools-0:4.0.5-3.redhat_00002.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jctools-core-0:4.0.5-3.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-jctools-core-0:4.0.5-3.redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-jctools-core-0:4.0.5-3.redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-parsson-0:1.1.7-3.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-parsson-0:1.1.7-3.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap8-parsson-0:1.1.7-3.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-parsson-0:1.1.7-3.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-parsson-0:1.1.7-3.redhat_00003.1.el8eap.src"
},
"product_reference": "eap8-parsson-0:1.1.7-3.redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el8eap.noarch"
},
"product_reference": "eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el8eap.src"
},
"product_reference": "eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el8eap.src"
},
"product_reference": "eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el8eap.src"
},
"product_reference": "eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el8eap.src"
},
"product_reference": "eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el8eap.src"
},
"product_reference": "eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-sun-istack-commons-0:4.1.2-2.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-sun-istack-commons-0:4.1.2-2.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap8-sun-istack-commons-0:4.1.2-2.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-sun-istack-commons-0:4.1.2-2.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-sun-istack-commons-0:4.1.2-2.redhat_00003.1.el8eap.src"
},
"product_reference": "eap8-sun-istack-commons-0:4.1.2-2.redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-0:8.0.11-1.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.11-1.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-0:8.0.11-1.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-0:8.0.11-1.GA_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.11-1.GA_redhat_00002.1.el8eap.src"
},
"product_reference": "eap8-wildfly-0:8.0.11-1.GA_redhat_00002.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-elytron-0:2.2.12-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.12-1.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-elytron-0:2.2.12-1.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-elytron-0:2.2.12-1.Final_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.12-1.Final_redhat_00002.1.el8eap.src"
},
"product_reference": "eap8-wildfly-elytron-0:2.2.12-1.Final_redhat_00002.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-elytron-tool-0:2.2.12-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.12-1.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-elytron-tool-0:2.2.12-1.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-java-jdk11-0:8.0.11-1.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.11-1.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-java-jdk11-0:8.0.11-1.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-java-jdk17-0:8.0.11-1.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.11-1.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-java-jdk17-0:8.0.11-1.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-java-jdk21-0:8.0.11-1.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.11-1.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-java-jdk21-0:8.0.11-1.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-modules-0:8.0.11-1.GA_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.11-1.GA_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-modules-0:8.0.11-1.GA_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-yasson-0:3.0.4-2.redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-yasson-0:3.0.4-2.redhat_00004.1.el8eap.noarch"
},
"product_reference": "eap8-yasson-0:3.0.4-2.redhat_00004.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-yasson-0:3.0.4-2.redhat_00004.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-yasson-0:3.0.4-2.redhat_00004.1.el8eap.src"
},
"product_reference": "eap8-yasson-0:3.0.4-2.redhat_00004.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4949",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2025-05-21T07:00:48.762597+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2367730"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse JGit. This vulnerability can allow information disclosure, denial of service, and other security issues when parsing XML files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.eclipse.jgit: XXE vulnerability in Eclipse JGit",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. A flaw in Eclipse JGit allows for XML External Entity (XXE) attacks when parsing specially crafted XML files. This can lead to local denial of service in affected Red Hat products that utilize JGit\u0027s ManifestParser or AmazonS3 class for git transport. The current 9.8 rating by NVD assumes a default, server-side exploitation path. However, the vulnerability resides in the experimental AmazonS3 transport class within Eclipse JGit, which is not enabled by default and requires non-standard configuration (Attack Complexity: High). Furthermore, exploitation typically occurs via client-side tools (e.g., repo) requiring active user participation (User Interaction: Required), limiting the primary risk to local Denial of Service rather than remote, unauthenticated compromise (Availability: High).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-8.0:eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-atinject-0:2.0.1-5.redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-atinject-0:2.0.1-5.redhat_00007.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-bouncycastle-0:1.82.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-bouncycastle-0:1.82.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-bouncycastle-jmail-0:1.82.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-bouncycastle-pg-0:1.82.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-bouncycastle-pkix-0:1.82.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-bouncycastle-prov-0:1.82.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-bouncycastle-util-0:1.82.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.11.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.11.0-1.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.11.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.46-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.46-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.46-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.46-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-validator-0:8.0.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-validator-0:8.0.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-validator-cdi-0:8.0.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-installation-manager-api-0:1.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-installation-manager-api-0:1.0.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-istack-commons-runtime-0:4.1.2-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-istack-commons-tools-0:4.1.2-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jakarta-enterprise-concurrent-0:3.0.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jakarta-enterprise-concurrent-0:3.0.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jboss-el-api_5.0_spec-0:4.0.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jboss-el-api_5.0_spec-0:4.0.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jctools-0:4.0.5-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jctools-0:4.0.5-3.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jctools-core-0:4.0.5-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-parsson-0:1.1.7-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-parsson-0:1.1.7-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-sun-istack-commons-0:4.1.2-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-sun-istack-commons-0:4.1.2-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.11-1.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.11-1.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.12-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.12-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.12-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.11-1.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.11-1.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.11-1.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.11-1.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-yasson-0:3.0.4-2.redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-yasson-0:3.0.4-2.redhat_00004.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4949"
},
{
"category": "external",
"summary": "RHBZ#2367730",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367730"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4949",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4949"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4949",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4949"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281",
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281"
},
{
"category": "external",
"summary": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1",
"url": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1"
}
],
"release_date": "2025-05-21T06:47:19.777000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T18:04:02+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-8.0:eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-atinject-0:2.0.1-5.redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-atinject-0:2.0.1-5.redhat_00007.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-bouncycastle-0:1.82.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-bouncycastle-0:1.82.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-bouncycastle-jmail-0:1.82.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-bouncycastle-pg-0:1.82.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-bouncycastle-pkix-0:1.82.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-bouncycastle-prov-0:1.82.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-bouncycastle-util-0:1.82.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.11.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.11.0-1.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.11.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.46-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.46-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.46-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.46-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-validator-0:8.0.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-validator-0:8.0.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-validator-cdi-0:8.0.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-installation-manager-api-0:1.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-installation-manager-api-0:1.0.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-istack-commons-runtime-0:4.1.2-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-istack-commons-tools-0:4.1.2-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jakarta-enterprise-concurrent-0:3.0.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jakarta-enterprise-concurrent-0:3.0.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jboss-el-api_5.0_spec-0:4.0.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jboss-el-api_5.0_spec-0:4.0.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jctools-0:4.0.5-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jctools-0:4.0.5-3.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jctools-core-0:4.0.5-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-parsson-0:1.1.7-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-parsson-0:1.1.7-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-sun-istack-commons-0:4.1.2-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-sun-istack-commons-0:4.1.2-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.11-1.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.11-1.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.12-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.12-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.12-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.11-1.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.11-1.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.11-1.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.11-1.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-yasson-0:3.0.4-2.redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-yasson-0:3.0.4-2.redhat_00004.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22773"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-8.0:eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-atinject-0:2.0.1-5.redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-atinject-0:2.0.1-5.redhat_00007.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-bouncycastle-0:1.82.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-bouncycastle-0:1.82.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-bouncycastle-jmail-0:1.82.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-bouncycastle-pg-0:1.82.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-bouncycastle-pkix-0:1.82.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-bouncycastle-prov-0:1.82.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-bouncycastle-util-0:1.82.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.11.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.11.0-1.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.11.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.27-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.27-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.46-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.46-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.46-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.46-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-validator-0:8.0.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-validator-0:8.0.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-validator-cdi-0:8.0.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-installation-manager-api-0:1.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-installation-manager-api-0:1.0.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-istack-commons-runtime-0:4.1.2-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-istack-commons-tools-0:4.1.2-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jakarta-enterprise-concurrent-0:3.0.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jakarta-enterprise-concurrent-0:3.0.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jboss-el-api_5.0_spec-0:4.0.2-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jboss-el-api_5.0_spec-0:4.0.2-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jctools-0:4.0.5-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jctools-0:4.0.5-3.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jctools-core-0:4.0.5-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-parsson-0:1.1.7-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-parsson-0:1.1.7-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-sun-istack-commons-0:4.1.2-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-sun-istack-commons-0:4.1.2-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.11-1.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.11-1.GA_redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.12-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.12-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.12-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.11-1.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.11-1.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.11-1.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.11-1.GA_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-yasson-0:3.0.4-2.redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-yasson-0:3.0.4-2.redhat_00004.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.eclipse.jgit: XXE vulnerability in Eclipse JGit"
}
]
}
RHSA-2026:4915
Vulnerability from csaf_redhat - Published: 2026-03-18 13:17 - Updated: 2026-03-18 16:08Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.24 security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.24 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.23, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.24 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* jackson-core: jackson-core Potential StackoverflowError (CVE-2025-52999)
* undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF [eap-7.4.z] (CVE-2025-12543)
* cxf: CXF JMS Code Execution Vulnerability [eap-7.4.z] (CVE-2025-48913)
* netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability (CVE-2025-55163)
* org.eclipse.jgit: XXE vulnerability in Eclipse JGit [eap-7.4.z] (CVE-2025-4949)
* hibernate-core: Hibernate: Information disclosure and data deletion via second-order SQL injection [eap-7.4.z] (CVE-2026-0603)
* com.google.protobuf/protobuf-java: StackOverflow vulnerability in Protocol Buffers (CVE-2024-7254)
* undertow: OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded [eap-7.4.z] (CVE-2024-3884)
* undertow-core: Undertow MadeYouReset HTTP/2 DDoS Vulnerability (CVE-2025-9784)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.24 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.23, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.24 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jackson-core: jackson-core Potential StackoverflowError (CVE-2025-52999)\n\n* undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF [eap-7.4.z] (CVE-2025-12543)\n\n* cxf: CXF JMS Code Execution Vulnerability [eap-7.4.z] (CVE-2025-48913)\n\n* netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability (CVE-2025-55163)\n\n* org.eclipse.jgit: XXE vulnerability in Eclipse JGit [eap-7.4.z] (CVE-2025-4949)\n\n* hibernate-core: Hibernate: Information disclosure and data deletion via second-order SQL injection [eap-7.4.z] (CVE-2026-0603)\n\n* com.google.protobuf/protobuf-java: StackOverflow vulnerability in Protocol Buffers (CVE-2024-7254)\n\n* undertow: OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded [eap-7.4.z] (CVE-2024-3884)\n\n* undertow-core: Undertow MadeYouReset HTTP/2 DDoS Vulnerability (CVE-2025-9784)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:4915",
"url": "https://access.redhat.com/errata/RHSA-2026:4915"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index"
},
{
"category": "external",
"summary": "2275287",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275287"
},
{
"category": "external",
"summary": "2313454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313454"
},
{
"category": "external",
"summary": "2367730",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367730"
},
{
"category": "external",
"summary": "2374804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374804"
},
{
"category": "external",
"summary": "2387221",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387221"
},
{
"category": "external",
"summary": "2388252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388252"
},
{
"category": "external",
"summary": "2392306",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392306"
},
{
"category": "external",
"summary": "2408784",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408784"
},
{
"category": "external",
"summary": "2427147",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427147"
},
{
"category": "external",
"summary": "JBEAP-30074",
"url": "https://issues.redhat.com/browse/JBEAP-30074"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_4915.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.24 security update",
"tracking": {
"current_release_date": "2026-03-18T16:08:40+00:00",
"generator": {
"date": "2026-03-18T16:08:40+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2026:4915",
"initial_release_date": "2026-03-18T13:17:52+00:00",
"revision_history": [
{
"date": "2026-03-18T13:17:52+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-18T13:17:52+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T16:08:40+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.src",
"product_id": "eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.14-10.SP10_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.17-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.src",
"product_id": "eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-4.SP2_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.src",
"product_id": "eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.27-1.Final_redhat_00002.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.27-2.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.src",
"product_id": "eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.5.11-1.SP1_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-elytron-web@1.9.6-2.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.24-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.src",
"product_id": "eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-commons-beanutils@1.11.0-2.redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.38-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.124-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.39-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.16-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.src",
"product_id": "eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-43.Final_redhat_00043.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy@3.15.11-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.src",
"product_id": "eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.5.202508271544-2.r_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.src",
"product": {
"name": "eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.src",
"product_id": "eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.24-4.GA_redhat_00002.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.124-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.14-10.SP10_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.17-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-4.SP2_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.23-4.SP2_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.27-1.Final_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.27-1.Final_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.27-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.5.11-1.SP1_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.5.11-1.SP1_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.5.11-1.SP1_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.5.11-1.SP1_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-server@1.9.6-2.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.24-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.5.24-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.5.24-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.5.24-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.5.24-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.5.24-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.5.24-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.5.24-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.5.24-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.noarch",
"product_id": "eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-commons-beanutils@1.11.0-2.redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.38-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.38-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.38-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.38-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.38-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.124-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-all@4.1.124-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-buffer@4.1.124-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec@4.1.124-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec-dns@4.1.124-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec-haproxy@4.1.124-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec-http@4.1.124-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec-http2@4.1.124-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec-memcache@4.1.124-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec-mqtt@4.1.124-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec-redis@4.1.124-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec-smtp@4.1.124-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec-socks@4.1.124-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec-stomp@4.1.124-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec-xml@4.1.124-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-common@4.1.124-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-handler@4.1.124-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-handler-proxy@4.1.124-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-resolver@4.1.124-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-resolver-dns@4.1.124-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-resolver-dns-classes-macos@4.1.124-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-transport@4.1.124-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-transport-classes-epoll@4.1.124-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-transport-classes-kqueue@4.1.124-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-transport-native-unix-common@4.1.124-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-transport-sctp@4.1.124-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.39-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.16-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-marshalling-river@2.0.16-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-43.Final_redhat_00043.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-43.Final_redhat_00043.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-43.Final_redhat_00043.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy@3.15.11-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-atom-provider@3.15.11-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-cdi@3.15.11-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-client@3.15.11-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-crypto@3.15.11-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jackson-provider@3.15.11-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jackson2-provider@3.15.11-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jaxb-provider@3.15.11-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jaxrs@3.15.11-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jettison-provider@3.15.11-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jose-jwt@3.15.11-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jsapi@3.15.11-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-json-binding-provider@3.15.11-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-json-p-provider@3.15.11-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-multipart-provider@3.15.11-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-rxjava2@3.15.11-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-spring@3.15.11-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-validator-provider-11@3.15.11-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-yaml-provider@3.15.11-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.5.202508271544-2.r_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.24-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.24-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.24-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.24-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.24-4.GA_redhat_00002.1.el7eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"product": {
"name": "eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"product_id": "eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.124-1.Final_redhat_00001.1.el7eap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"product": {
"name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"product_id": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll-debuginfo@4.1.124-1.Final_redhat_00001.1.el7eap?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64"
},
"product_reference": "eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64"
},
"product_reference": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.src"
},
"product_reference": "eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.4-ELS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-3884",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-04-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2275287"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows unauthorized users to cause a remote denial of service (DoS) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this as a Moderate impact since this requires the use of a specific form method by the server that must be externally available and the input is not sanitized by the given servlet or class implementing its use.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-3884"
},
{
"category": "external",
"summary": "RHBZ#2275287",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275287"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-3884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3884"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-3884",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3884"
}
],
"release_date": "2025-12-03T16:50:50+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T13:17:52+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4915"
},
{
"category": "workaround",
"details": "It is possible to mitigate the vulnerability by performing an upper-level verification to ensure the content size sent server side is within the allowed parameters.",
"product_ids": [
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded"
},
{
"cve": "CVE-2024-7254",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-09-19T01:20:29.981665+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2313454"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Protocol Buffers (protobuf). This issue can allows an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "protobuf: StackOverflow vulnerability in Protocol Buffers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue represents a significant severity risk because unbounded recursion in Protocol Buffers parsing can be exploited to trigger stack overflows, leading to Denial of Service (DoS). When parsers, such as `DiscardUnknownFieldsParser` or the Java Protobuf Lite parser, encounter arbitrarily nested groups or deeply recursive map fields, the lack of recursion depth limits can result in uncontrolled stack growth. Attackers can craft malicious protobuf messages that deliberately exceed the stack\u0027s capacity, causing the application to crash or become unresponsive.\n\nThe protobuf package as shipped in RHEL does not include the affected java or kotlin bindings, therefore RHEL is Not Affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-7254"
},
{
"category": "external",
"summary": "RHBZ#2313454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313454"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-7254",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7254"
},
{
"category": "external",
"summary": "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa",
"url": "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa"
}
],
"release_date": "2024-09-19T01:15:10.963000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T13:17:52+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4915"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "protobuf: StackOverflow vulnerability in Protocol Buffers"
},
{
"cve": "CVE-2025-4949",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2025-05-21T07:00:48.762597+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2367730"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse JGit. This vulnerability can allow information disclosure, denial of service, and other security issues when parsing XML files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.eclipse.jgit: XXE vulnerability in Eclipse JGit",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. A flaw in Eclipse JGit allows for XML External Entity (XXE) attacks when parsing specially crafted XML files. This can lead to local denial of service in affected Red Hat products that utilize JGit\u0027s ManifestParser or AmazonS3 class for git transport. The current 9.8 rating by NVD assumes a default, server-side exploitation path. However, the vulnerability resides in the experimental AmazonS3 transport class within Eclipse JGit, which is not enabled by default and requires non-standard configuration (Attack Complexity: High). Furthermore, exploitation typically occurs via client-side tools (e.g., repo) requiring active user participation (User Interaction: Required), limiting the primary risk to local Denial of Service rather than remote, unauthenticated compromise (Availability: High).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4949"
},
{
"category": "external",
"summary": "RHBZ#2367730",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367730"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4949",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4949"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4949",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4949"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281",
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281"
},
{
"category": "external",
"summary": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1",
"url": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1"
}
],
"release_date": "2025-05-21T06:47:19.777000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T13:17:52+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4915"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.eclipse.jgit: XXE vulnerability in Eclipse JGit"
},
{
"cve": "CVE-2025-9784",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-01T06:19:20.938000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392306"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Undertow MadeYouReset HTTP/2 DDoS Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a Denial of Service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation, which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9784"
},
{
"category": "external",
"summary": "RHBZ#2392306",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392306"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9784",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9784"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9784",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9784"
},
{
"category": "external",
"summary": "https://github.com/undertow-io/undertow/pull/1778",
"url": "https://github.com/undertow-io/undertow/pull/1778"
},
{
"category": "external",
"summary": "https://github.com/undertow-io/undertow/releases/tag/2.2.38.Final",
"url": "https://github.com/undertow-io/undertow/releases/tag/2.2.38.Final"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/UNDERTOW-2598",
"url": "https://issues.redhat.com/browse/UNDERTOW-2598"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/767506",
"url": "https://kb.cert.org/vuls/id/767506"
}
],
"release_date": "2025-09-01T06:21:54.614000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T13:17:52+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4915"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: Undertow MadeYouReset HTTP/2 DDoS Vulnerability"
},
{
"acknowledgments": [
{
"names": [
"Ahmet Artu\u00e7"
]
}
],
"cve": "CVE-2025-12543",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2025-10-31T06:15:35.424000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2408784"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has an Important severity because it can be remotely exploited without authentication. However, limited user interaction is required for full impact. It could allow attackers to hijack additional accounts, steal credentials, or gain access to internal systems. The issue stems from improper input validation of HTTP Host headers, leading to serious breaches in confidentiality and integrity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12543"
},
{
"category": "external",
"summary": "RHBZ#2408784",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408784"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12543",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12543"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12543",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12543"
}
],
"release_date": "2026-01-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T13:17:52+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4915"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use, applicability, or stability.",
"product_ids": [
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF"
},
{
"cve": "CVE-2025-48913",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2025-08-08T10:00:54.007824+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2387221"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in org.apache.cxf/cxf, where untrusted users can configure JMS to allow the specification of RMI or LDAP URLs, possibly leading to code execution. This vulnerability allows an attacker to provide malicious protocol URLs during JMS configuration.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw should be considered Important because the impact goes beyond a simple denial of service or configuration misuse. By allowing untrusted users to configure JMS with RMI or LDAP URLs, attackers could achieve remote code execution by loading attacker-controlled classes or objects. Although this requires the precondition that the attacker has access to JMS configuration, in many enterprise deployments this may be exposed through integration layers or misconfigured permissions, making the attack surface broader than a purely local or limited-scope scenario.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48913"
},
{
"category": "external",
"summary": "RHBZ#2387221",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387221"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48913"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48913",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48913"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/f1nv488ztc0js4g5ml2v88mzkzslyh83",
"url": "https://lists.apache.org/thread/f1nv488ztc0js4g5ml2v88mzkzslyh83"
}
],
"release_date": "2025-08-08T09:21:22.208000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T13:17:52+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4915"
},
{
"category": "workaround",
"details": "To reduce risk, deployments should restrict the allowed protocols in JMS configuration to trusted and expected values only. In particular, disallow the use of rmi:// and ldap:// URLs, which could be abused for remote class loading and code execution.",
"product_ids": [
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability"
},
{
"cve": "CVE-2025-52999",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2025-06-25T18:00:54.693716+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2374804"
}
],
"notes": [
{
"category": "description",
"text": "A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52999"
},
{
"category": "external",
"summary": "RHBZ#2374804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374804"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-core/pull/943",
"url": "https://github.com/FasterXML/jackson-core/pull/943"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3",
"url": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3"
}
],
"release_date": "2025-06-25T17:02:57.428000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T13:17:52+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4915"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, the recommendation is to avoid parsing input files from untrusted sources that may have excessively deep nested data structures; anything with a depth over 1000.",
"product_ids": [
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError"
},
{
"cve": "CVE-2025-55163",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-08-13T15:01:55.372237+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2388252"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a denial of service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation, which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55163"
},
{
"category": "external",
"summary": "RHBZ#2388252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388252"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55163",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55163"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-prj3-ccx8-p6x4",
"url": "https://github.com/netty/netty/security/advisories/GHSA-prj3-ccx8-p6x4"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/767506",
"url": "https://kb.cert.org/vuls/id/767506"
}
],
"release_date": "2025-08-13T14:17:36.111000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T13:17:52+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4915"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability"
},
{
"acknowledgments": [
{
"names": [
"Christiaan Swiers"
],
"organization": "YouGina"
},
{
"names": [
"Tommy Williams"
],
"organization": "HeroDevs"
}
],
"cve": "CVE-2026-0603",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2026-01-05T13:12:29.816000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427147"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder is used. This could lead to sensitive information disclosure, such as reading system files, and allow for data manipulation or deletion within the application\u0027s database, resulting in an application level denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.hibernate/hibernate-core: Hibernate: Information disclosure and data deletion via second-order SQL injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products as it allows a remote attacker with low privileges to perform second-order SQL injection in applications using Hibernate\u0027s InlineIdsOrClauseBuilder with unsanitized non-alphanumeric characters in the ID column. This could lead to sensitive information disclosure and data manipulation or deletion.Affected Hibernate ORM versions are 5.2.8 through 5.6.15 (inclusive); earlier versions are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-0603"
},
{
"category": "external",
"summary": "RHBZ#2427147",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427147"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-0603",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0603"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-0603",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0603"
}
],
"release_date": "2026-01-19T10:10:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T13:17:52+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4915"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-all-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "org.hibernate/hibernate-core: Hibernate: Information disclosure and data deletion via second-order SQL injection"
}
]
}
RHSA-2026:4917
Vulnerability from csaf_redhat - Published: 2026-03-18 13:19 - Updated: 2026-03-18 16:08Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.24 security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.24 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.23, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.24 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* jackson-core: jackson-core Potential StackoverflowError (CVE-2025-52999)
* undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF [eap-7.4.z] (CVE-2025-12543)
* cxf: CXF JMS Code Execution Vulnerability [eap-7.4.z] (CVE-2025-48913)
* netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability (CVE-2025-55163)
* org.eclipse.jgit: XXE vulnerability in Eclipse JGit [eap-7.4.z] (CVE-2025-4949)
* hibernate-core: Hibernate: Information disclosure and data deletion via second-order SQL injection [eap-7.4.z] (CVE-2026-0603)
* com.google.protobuf/protobuf-java: StackOverflow vulnerability in Protocol Buffers (CVE-2024-7254)
* undertow: OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded [eap-7.4.z] (CVE-2024-3884)
* undertow-core: Undertow MadeYouReset HTTP/2 DDoS Vulnerability (CVE-2025-9784)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.24 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.23, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.24 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jackson-core: jackson-core Potential StackoverflowError (CVE-2025-52999)\n\n* undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF [eap-7.4.z] (CVE-2025-12543)\n\n* cxf: CXF JMS Code Execution Vulnerability [eap-7.4.z] (CVE-2025-48913)\n\n* netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability (CVE-2025-55163)\n\n* org.eclipse.jgit: XXE vulnerability in Eclipse JGit [eap-7.4.z] (CVE-2025-4949)\n\n* hibernate-core: Hibernate: Information disclosure and data deletion via second-order SQL injection [eap-7.4.z] (CVE-2026-0603)\n\n* com.google.protobuf/protobuf-java: StackOverflow vulnerability in Protocol Buffers (CVE-2024-7254)\n\n* undertow: OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded [eap-7.4.z] (CVE-2024-3884)\n\n* undertow-core: Undertow MadeYouReset HTTP/2 DDoS Vulnerability (CVE-2025-9784)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:4917",
"url": "https://access.redhat.com/errata/RHSA-2026:4917"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/index"
},
{
"category": "external",
"summary": "2275287",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275287"
},
{
"category": "external",
"summary": "2313454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313454"
},
{
"category": "external",
"summary": "2367730",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367730"
},
{
"category": "external",
"summary": "2374804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374804"
},
{
"category": "external",
"summary": "2387221",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387221"
},
{
"category": "external",
"summary": "2388252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388252"
},
{
"category": "external",
"summary": "2392306",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392306"
},
{
"category": "external",
"summary": "2408784",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408784"
},
{
"category": "external",
"summary": "2427147",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427147"
},
{
"category": "external",
"summary": "JBEAP-30076",
"url": "https://issues.redhat.com/browse/JBEAP-30076"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_4917.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.24 security update",
"tracking": {
"current_release_date": "2026-03-18T16:08:42+00:00",
"generator": {
"date": "2026-03-18T16:08:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2026:4917",
"initial_release_date": "2026-03-18T13:19:11+00:00",
"revision_history": [
{
"date": "2026-03-18T13:19:11+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-18T13:19:11+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T16:08:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product": {
"name": "Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_els:7.4::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.17-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.src",
"product_id": "eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.14-10.SP10_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.src",
"product_id": "eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-4.SP2_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.src",
"product_id": "eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.27-1.Final_redhat_00002.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-elytron-web@1.9.6-2.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.27-2.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.src",
"product_id": "eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.5.11-1.SP1_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.24-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.src",
"product_id": "eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-commons-beanutils@1.11.0-2.redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.38-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.124-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.39-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.16-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.src",
"product_id": "eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-43.Final_redhat_00043.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy@3.15.11-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.src",
"product_id": "eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.5.202508271544-2.r_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.src",
"product": {
"name": "eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.src",
"product_id": "eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.24-4.GA_redhat_00002.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.124-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.4.17-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-glassfish-jsf@2.3.14-10.SP10_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator@6.0.23-4.SP2_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-validator-cdi@6.0.23-4.SP2_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.15.27-1.Final_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"product_id": "eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.15.27-1.Final_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-server@1.9.6-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.3.27-2.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.5.11-1.SP1_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.5.11-1.SP1_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.5.11-1.SP1_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.5.11-1.SP1_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.5.24-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.5.24-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.5.24-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.5.24-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.5.24-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.5.24-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.5.24-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.5.24-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.5.24-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.noarch",
"product_id": "eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-commons-beanutils@1.11.0-2.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.38-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.38-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.38-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.124-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-buffer@4.1.124-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec@4.1.124-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec-dns@4.1.124-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec-haproxy@4.1.124-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec-http@4.1.124-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec-http2@4.1.124-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec-memcache@4.1.124-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec-mqtt@4.1.124-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec-redis@4.1.124-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec-smtp@4.1.124-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec-socks@4.1.124-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec-stomp@4.1.124-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-codec-xml@4.1.124-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-common@4.1.124-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-handler@4.1.124-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-handler-proxy@4.1.124-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-resolver@4.1.124-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-resolver-dns@4.1.124-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-resolver-dns-classes-macos@4.1.124-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-transport@4.1.124-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-transport-classes-epoll@4.1.124-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-transport-classes-kqueue@4.1.124-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-transport-native-unix-common@4.1.124-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-transport-sctp@4.1.124-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.2.39-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-marshalling@2.0.16-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-marshalling-river@2.0.16-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.10.0-43.Final_redhat_00043.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.10.0-43.Final_redhat_00043.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.10.0-43.Final_redhat_00043.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy@3.15.11-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-atom-provider@3.15.11-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-cdi@3.15.11-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-client@3.15.11-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-crypto@3.15.11-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jackson-provider@3.15.11-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jackson2-provider@3.15.11-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jaxb-provider@3.15.11-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jaxrs@3.15.11-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jettison-provider@3.15.11-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jose-jwt@3.15.11-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-jsapi@3.15.11-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-json-binding-provider@3.15.11-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-json-p-provider@3.15.11-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-multipart-provider@3.15.11-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-rxjava2@3.15.11-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-spring@3.15.11-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-validator-provider-11@3.15.11-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-resteasy-yaml-provider@3.15.11-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.noarch",
"product_id": "eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.5.202508271544-2.r_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.4.24-4.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.4.24-4.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk17@7.4.24-4.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.4.24-4.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.4.24-4.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.4.24-4.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"product": {
"name": "eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"product_id": "eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.124-1.Final_redhat_00001.1.el9eap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"product": {
"name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"product_id": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll-debuginfo@4.1.124-1.Final_redhat_00001.1.el9eap?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64 as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64"
},
"product_reference": "eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64 as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64"
},
"product_reference": "eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.src"
},
"product_reference": "eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 7.4 ELS for RHEL 9",
"product_id": "9Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-7.4-ELS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-3884",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-04-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2275287"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows unauthorized users to cause a remote denial of service (DoS) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this as a Moderate impact since this requires the use of a specific form method by the server that must be externally available and the input is not sanitized by the given servlet or class implementing its use.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch"
],
"known_not_affected": [
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-3884"
},
{
"category": "external",
"summary": "RHBZ#2275287",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275287"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-3884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3884"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-3884",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3884"
}
],
"release_date": "2025-12-03T16:50:50+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T13:19:11+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4917"
},
{
"category": "workaround",
"details": "It is possible to mitigate the vulnerability by performing an upper-level verification to ensure the content size sent server side is within the allowed parameters.",
"product_ids": [
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undertow: OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded"
},
{
"cve": "CVE-2024-7254",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-09-19T01:20:29.981665+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2313454"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Protocol Buffers (protobuf). This issue can allows an attacker to cause a StackOverflow via parsing untrusted Protocol Buffers data containing arbitrarily nested SGROUP tags, leading to unbounded recursion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "protobuf: StackOverflow vulnerability in Protocol Buffers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue represents a significant severity risk because unbounded recursion in Protocol Buffers parsing can be exploited to trigger stack overflows, leading to Denial of Service (DoS). When parsers, such as `DiscardUnknownFieldsParser` or the Java Protobuf Lite parser, encounter arbitrarily nested groups or deeply recursive map fields, the lack of recursion depth limits can result in uncontrolled stack growth. Attackers can craft malicious protobuf messages that deliberately exceed the stack\u0027s capacity, causing the application to crash or become unresponsive.\n\nThe protobuf package as shipped in RHEL does not include the affected java or kotlin bindings, therefore RHEL is Not Affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch"
],
"known_not_affected": [
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-7254"
},
{
"category": "external",
"summary": "RHBZ#2313454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313454"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-7254",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7254"
},
{
"category": "external",
"summary": "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa",
"url": "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa"
}
],
"release_date": "2024-09-19T01:15:10.963000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T13:19:11+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4917"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "protobuf: StackOverflow vulnerability in Protocol Buffers"
},
{
"cve": "CVE-2025-4949",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2025-05-21T07:00:48.762597+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2367730"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse JGit. This vulnerability can allow information disclosure, denial of service, and other security issues when parsing XML files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.eclipse.jgit: XXE vulnerability in Eclipse JGit",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. A flaw in Eclipse JGit allows for XML External Entity (XXE) attacks when parsing specially crafted XML files. This can lead to local denial of service in affected Red Hat products that utilize JGit\u0027s ManifestParser or AmazonS3 class for git transport. The current 9.8 rating by NVD assumes a default, server-side exploitation path. However, the vulnerability resides in the experimental AmazonS3 transport class within Eclipse JGit, which is not enabled by default and requires non-standard configuration (Attack Complexity: High). Furthermore, exploitation typically occurs via client-side tools (e.g., repo) requiring active user participation (User Interaction: Required), limiting the primary risk to local Denial of Service rather than remote, unauthenticated compromise (Availability: High).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch"
],
"known_not_affected": [
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4949"
},
{
"category": "external",
"summary": "RHBZ#2367730",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367730"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4949",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4949"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4949",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4949"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281",
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281"
},
{
"category": "external",
"summary": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1",
"url": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1"
}
],
"release_date": "2025-05-21T06:47:19.777000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T13:19:11+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4917"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.eclipse.jgit: XXE vulnerability in Eclipse JGit"
},
{
"cve": "CVE-2025-9784",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-01T06:19:20.938000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392306"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Undertow MadeYouReset HTTP/2 DDoS Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a Denial of Service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation, which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch"
],
"known_not_affected": [
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9784"
},
{
"category": "external",
"summary": "RHBZ#2392306",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392306"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9784",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9784"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9784",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9784"
},
{
"category": "external",
"summary": "https://github.com/undertow-io/undertow/pull/1778",
"url": "https://github.com/undertow-io/undertow/pull/1778"
},
{
"category": "external",
"summary": "https://github.com/undertow-io/undertow/releases/tag/2.2.38.Final",
"url": "https://github.com/undertow-io/undertow/releases/tag/2.2.38.Final"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/UNDERTOW-2598",
"url": "https://issues.redhat.com/browse/UNDERTOW-2598"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/767506",
"url": "https://kb.cert.org/vuls/id/767506"
}
],
"release_date": "2025-09-01T06:21:54.614000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T13:19:11+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4917"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: Undertow MadeYouReset HTTP/2 DDoS Vulnerability"
},
{
"acknowledgments": [
{
"names": [
"Ahmet Artu\u00e7"
]
}
],
"cve": "CVE-2025-12543",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2025-10-31T06:15:35.424000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2408784"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has an Important severity because it can be remotely exploited without authentication. However, limited user interaction is required for full impact. It could allow attackers to hijack additional accounts, steal credentials, or gain access to internal systems. The issue stems from improper input validation of HTTP Host headers, leading to serious breaches in confidentiality and integrity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch"
],
"known_not_affected": [
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12543"
},
{
"category": "external",
"summary": "RHBZ#2408784",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408784"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12543",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12543"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12543",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12543"
}
],
"release_date": "2026-01-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T13:19:11+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4917"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use, applicability, or stability.",
"product_ids": [
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF"
},
{
"cve": "CVE-2025-48913",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2025-08-08T10:00:54.007824+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2387221"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in org.apache.cxf/cxf, where untrusted users can configure JMS to allow the specification of RMI or LDAP URLs, possibly leading to code execution. This vulnerability allows an attacker to provide malicious protocol URLs during JMS configuration.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw should be considered Important because the impact goes beyond a simple denial of service or configuration misuse. By allowing untrusted users to configure JMS with RMI or LDAP URLs, attackers could achieve remote code execution by loading attacker-controlled classes or objects. Although this requires the precondition that the attacker has access to JMS configuration, in many enterprise deployments this may be exposed through integration layers or misconfigured permissions, making the attack surface broader than a purely local or limited-scope scenario.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch"
],
"known_not_affected": [
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48913"
},
{
"category": "external",
"summary": "RHBZ#2387221",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387221"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48913"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48913",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48913"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/f1nv488ztc0js4g5ml2v88mzkzslyh83",
"url": "https://lists.apache.org/thread/f1nv488ztc0js4g5ml2v88mzkzslyh83"
}
],
"release_date": "2025-08-08T09:21:22.208000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T13:19:11+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4917"
},
{
"category": "workaround",
"details": "To reduce risk, deployments should restrict the allowed protocols in JMS configuration to trusted and expected values only. In particular, disallow the use of rmi:// and ldap:// URLs, which could be abused for remote class loading and code execution.",
"product_ids": [
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability"
},
{
"cve": "CVE-2025-52999",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2025-06-25T18:00:54.693716+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2374804"
}
],
"notes": [
{
"category": "description",
"text": "A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch"
],
"known_not_affected": [
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52999"
},
{
"category": "external",
"summary": "RHBZ#2374804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374804"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52999"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-core/pull/943",
"url": "https://github.com/FasterXML/jackson-core/pull/943"
},
{
"category": "external",
"summary": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3",
"url": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-h46c-h94j-95f3"
}
],
"release_date": "2025-06-25T17:02:57.428000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T13:19:11+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4917"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, the recommendation is to avoid parsing input files from untrusted sources that may have excessively deep nested data structures; anything with a depth over 1000.",
"product_ids": [
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError"
},
{
"cve": "CVE-2025-55163",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-08-13T15:01:55.372237+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2388252"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a denial of service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation, which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch"
],
"known_not_affected": [
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55163"
},
{
"category": "external",
"summary": "RHBZ#2388252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388252"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55163",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55163"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-prj3-ccx8-p6x4",
"url": "https://github.com/netty/netty/security/advisories/GHSA-prj3-ccx8-p6x4"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/767506",
"url": "https://kb.cert.org/vuls/id/767506"
}
],
"release_date": "2025-08-13T14:17:36.111000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T13:19:11+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4917"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability"
},
{
"acknowledgments": [
{
"names": [
"Christiaan Swiers"
],
"organization": "YouGina"
},
{
"names": [
"Tommy Williams"
],
"organization": "HeroDevs"
}
],
"cve": "CVE-2026-0603",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2026-01-05T13:12:29.816000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427147"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder is used. This could lead to sensitive information disclosure, such as reading system files, and allow for data manipulation or deletion within the application\u0027s database, resulting in an application level denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.hibernate/hibernate-core: Hibernate: Information disclosure and data deletion via second-order SQL injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products as it allows a remote attacker with low privileges to perform second-order SQL injection in applications using Hibernate\u0027s InlineIdsOrClauseBuilder with unsanitized non-alphanumeric characters in the ID column. This could lead to sensitive information disclosure and data manipulation or deletion.Affected Hibernate ORM versions are 5.2.8 through 5.6.15 (inclusive); earlier versions are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch"
],
"known_not_affected": [
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-0603"
},
{
"category": "external",
"summary": "RHBZ#2427147",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427147"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-0603",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0603"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-0603",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0603"
}
],
"release_date": "2026-01-19T10:10:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T13:19:11+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4917"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-commons-beanutils-0:1.11.0-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-0:3.5.11-1.SP1_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-rt-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-services-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-apache-cxf-tools-0:3.5.11-1.SP1_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-eclipse-jgit-0:5.13.5.202508271544-2.r_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-elytron-web-0:1.9.6-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-glassfish-jsf-0:2.3.14-10.SP10_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hal-console-0:3.3.27-2.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-0:6.0.23-4.SP2_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-hibernate-validator-cdi-0:6.0.23-4.SP2_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-0:1.5.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-common-spi-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-api-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-core-impl-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-deployers-common-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-jdbc-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-ironjacamar-validator-0:1.5.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-0:2.0.16-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-marshalling-river-0:2.0.16-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-0:1.10.0-43.Final_redhat_00043.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-cli-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jboss-server-migration-core-0:1.10.0-43.Final_redhat_00043.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-jbossws-cxf-0:5.4.17-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-buffer-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-haproxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-http2-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-memcache-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-mqtt-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-redis-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-smtp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-socks-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-stomp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-codec-xml-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-handler-proxy-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-resolver-dns-classes-macos-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-classes-kqueue-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-epoll-debuginfo-0:4.1.124-1.Final_redhat_00001.1.el9eap.x86_64",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-native-unix-common-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-netty-transport-sctp-0:4.1.124-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-0:3.15.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-atom-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-cdi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-client-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-crypto-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jackson2-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxb-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jaxrs-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jettison-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jose-jwt-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-jsapi-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-binding-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-json-p-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-multipart-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-rxjava2-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-spring-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-validator-provider-11-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-resteasy-yaml-provider-0:3.15.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-undertow-0:2.2.39-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-undertow-server-0:1.9.6-2.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-0:7.4.24-4.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-0:1.15.27-1.Final_redhat_00002.1.el9eap.src",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-elytron-tool-0:1.15.27-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk11-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk17-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-java-jdk8-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-javadocs-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-7.4-ELS:eap7-wildfly-modules-0:7.4.24-4.GA_redhat_00002.1.el9eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "org.hibernate/hibernate-core: Hibernate: Information disclosure and data deletion via second-order SQL injection"
}
]
}
RHSA-2025:22777
Vulnerability from csaf_redhat - Published: 2025-12-04 15:56 - Updated: 2026-03-18 16:08Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.11 security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.11 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.0.10, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 8.0.11 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* org.eclipse.jgit: XXE vulnerability in Eclipse JGit [eap-8.0.z] (CVE-2025-4949)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.11 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.0.10, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 8.0.11 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* org.eclipse.jgit: XXE vulnerability in Eclipse JGit [eap-8.0.z] (CVE-2025-4949)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:22777",
"url": "https://access.redhat.com/errata/RHSA-2025:22777"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.0",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.0"
},
{
"category": "external",
"summary": "https://access.redhat.com/articles/7120566",
"url": "https://access.redhat.com/articles/7120566"
},
{
"category": "external",
"summary": "2367730",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367730"
},
{
"category": "external",
"summary": "JBEAP-28993",
"url": "https://issues.redhat.com/browse/JBEAP-28993"
},
{
"category": "external",
"summary": "JBEAP-30584",
"url": "https://issues.redhat.com/browse/JBEAP-30584"
},
{
"category": "external",
"summary": "JBEAP-30976",
"url": "https://issues.redhat.com/browse/JBEAP-30976"
},
{
"category": "external",
"summary": "JBEAP-31001",
"url": "https://issues.redhat.com/browse/JBEAP-31001"
},
{
"category": "external",
"summary": "JBEAP-31031",
"url": "https://issues.redhat.com/browse/JBEAP-31031"
},
{
"category": "external",
"summary": "JBEAP-31074",
"url": "https://issues.redhat.com/browse/JBEAP-31074"
},
{
"category": "external",
"summary": "JBEAP-31253",
"url": "https://issues.redhat.com/browse/JBEAP-31253"
},
{
"category": "external",
"summary": "JBEAP-31260",
"url": "https://issues.redhat.com/browse/JBEAP-31260"
},
{
"category": "external",
"summary": "JBEAP-31290",
"url": "https://issues.redhat.com/browse/JBEAP-31290"
},
{
"category": "external",
"summary": "JBEAP-31339",
"url": "https://issues.redhat.com/browse/JBEAP-31339"
},
{
"category": "external",
"summary": "JBEAP-31377",
"url": "https://issues.redhat.com/browse/JBEAP-31377"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_22777.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.11 security update",
"tracking": {
"current_release_date": "2026-03-18T16:08:33+00:00",
"generator": {
"date": "2026-03-18T16:08:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2025:22777",
"initial_release_date": "2025-12-04T15:56:54+00:00",
"revision_history": [
{
"date": "2025-12-04T15:56:54+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-16T19:11:25+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T16:08:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 8.0",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 8.0",
"product_id": "Red Hat JBoss Enterprise Application Platform 8.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4949",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2025-05-21T07:00:48.762597+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2367730"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse JGit. This vulnerability can allow information disclosure, denial of service, and other security issues when parsing XML files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.eclipse.jgit: XXE vulnerability in Eclipse JGit",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. A flaw in Eclipse JGit allows for XML External Entity (XXE) attacks when parsing specially crafted XML files. This can lead to local denial of service in affected Red Hat products that utilize JGit\u0027s ManifestParser or AmazonS3 class for git transport. The current 9.8 rating by NVD assumes a default, server-side exploitation path. However, the vulnerability resides in the experimental AmazonS3 transport class within Eclipse JGit, which is not enabled by default and requires non-standard configuration (Attack Complexity: High). Furthermore, exploitation typically occurs via client-side tools (e.g., repo) requiring active user participation (User Interaction: Required), limiting the primary risk to local Denial of Service rather than remote, unauthenticated compromise (Availability: High).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 8.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4949"
},
{
"category": "external",
"summary": "RHBZ#2367730",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367730"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4949",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4949"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4949",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4949"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281",
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281"
},
{
"category": "external",
"summary": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1",
"url": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1"
}
],
"release_date": "2025-05-21T06:47:19.777000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T15:56:54+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 8.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22777"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 8.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.eclipse.jgit: XXE vulnerability in Eclipse JGit"
}
]
}
RHSA-2025:22187
Vulnerability from csaf_redhat - Published: 2025-11-26 16:59 - Updated: 2026-03-18 16:08Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.1.2 security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 8.1 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.1.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.1.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 8.1.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* org.eclipse.jgit: XXE vulnerability in Eclipse JGit [eap-8.1.z] (CVE-2025-4949)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 8.1 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.1.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.1.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 8.1.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* org.eclipse.jgit: XXE vulnerability in Eclipse JGit [eap-8.1.z] (CVE-2025-4949)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:22187",
"url": "https://access.redhat.com/errata/RHSA-2025:22187"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.1",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.1"
},
{
"category": "external",
"summary": "https://access.redhat.com/articles/7133099",
"url": "https://access.redhat.com/articles/7133099"
},
{
"category": "external",
"summary": "2367730",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367730"
},
{
"category": "external",
"summary": "JBEAP-30670",
"url": "https://issues.redhat.com/browse/JBEAP-30670"
},
{
"category": "external",
"summary": "JBEAP-30737",
"url": "https://issues.redhat.com/browse/JBEAP-30737"
},
{
"category": "external",
"summary": "JBEAP-30753",
"url": "https://issues.redhat.com/browse/JBEAP-30753"
},
{
"category": "external",
"summary": "JBEAP-30855",
"url": "https://issues.redhat.com/browse/JBEAP-30855"
},
{
"category": "external",
"summary": "JBEAP-30951",
"url": "https://issues.redhat.com/browse/JBEAP-30951"
},
{
"category": "external",
"summary": "JBEAP-31005",
"url": "https://issues.redhat.com/browse/JBEAP-31005"
},
{
"category": "external",
"summary": "JBEAP-31020",
"url": "https://issues.redhat.com/browse/JBEAP-31020"
},
{
"category": "external",
"summary": "JBEAP-31032",
"url": "https://issues.redhat.com/browse/JBEAP-31032"
},
{
"category": "external",
"summary": "JBEAP-31042",
"url": "https://issues.redhat.com/browse/JBEAP-31042"
},
{
"category": "external",
"summary": "JBEAP-31043",
"url": "https://issues.redhat.com/browse/JBEAP-31043"
},
{
"category": "external",
"summary": "JBEAP-31044",
"url": "https://issues.redhat.com/browse/JBEAP-31044"
},
{
"category": "external",
"summary": "JBEAP-31047",
"url": "https://issues.redhat.com/browse/JBEAP-31047"
},
{
"category": "external",
"summary": "JBEAP-31048",
"url": "https://issues.redhat.com/browse/JBEAP-31048"
},
{
"category": "external",
"summary": "JBEAP-31054",
"url": "https://issues.redhat.com/browse/JBEAP-31054"
},
{
"category": "external",
"summary": "JBEAP-31059",
"url": "https://issues.redhat.com/browse/JBEAP-31059"
},
{
"category": "external",
"summary": "JBEAP-31095",
"url": "https://issues.redhat.com/browse/JBEAP-31095"
},
{
"category": "external",
"summary": "JBEAP-31105",
"url": "https://issues.redhat.com/browse/JBEAP-31105"
},
{
"category": "external",
"summary": "JBEAP-31106",
"url": "https://issues.redhat.com/browse/JBEAP-31106"
},
{
"category": "external",
"summary": "JBEAP-31113",
"url": "https://issues.redhat.com/browse/JBEAP-31113"
},
{
"category": "external",
"summary": "JBEAP-31125",
"url": "https://issues.redhat.com/browse/JBEAP-31125"
},
{
"category": "external",
"summary": "JBEAP-31274",
"url": "https://issues.redhat.com/browse/JBEAP-31274"
},
{
"category": "external",
"summary": "JBEAP-31291",
"url": "https://issues.redhat.com/browse/JBEAP-31291"
},
{
"category": "external",
"summary": "JBEAP-31315",
"url": "https://issues.redhat.com/browse/JBEAP-31315"
},
{
"category": "external",
"summary": "JBEAP-31323",
"url": "https://issues.redhat.com/browse/JBEAP-31323"
},
{
"category": "external",
"summary": "JBEAP-31338",
"url": "https://issues.redhat.com/browse/JBEAP-31338"
},
{
"category": "external",
"summary": "JBEAP-31340",
"url": "https://issues.redhat.com/browse/JBEAP-31340"
},
{
"category": "external",
"summary": "JBEAP-31346",
"url": "https://issues.redhat.com/browse/JBEAP-31346"
},
{
"category": "external",
"summary": "JBEAP-31354",
"url": "https://issues.redhat.com/browse/JBEAP-31354"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_22187.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.1.2 security update",
"tracking": {
"current_release_date": "2026-03-18T16:08:31+00:00",
"generator": {
"date": "2026-03-18T16:08:31+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2025:22187",
"initial_release_date": "2025-11-26T16:59:20+00:00",
"revision_history": [
{
"date": "2025-11-26T16:59:20+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-26T16:59:20+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T16:08:31+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 8.1 for RHEL 8",
"product": {
"name": "Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap8-snakeyaml-0:2.3.0-1.redhat_00002.1.el8eap.src",
"product": {
"name": "eap8-snakeyaml-0:2.3.0-1.redhat_00002.1.el8eap.src",
"product_id": "eap8-snakeyaml-0:2.3.0-1.redhat_00002.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-snakeyaml@2.3.0-1.redhat_00002.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-search-0:7.2.4-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-hibernate-search-0:7.2.4-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap8-hibernate-search-0:7.2.4-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate-search@7.2.4-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el8eap.src",
"product": {
"name": "eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el8eap.src",
"product_id": "eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-xml-bind-api@4.0.2-2.redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el8eap.src",
"product": {
"name": "eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el8eap.src",
"product_id": "eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-stax2-api@4.2.2-2.redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jctools-0:4.0.5-3.redhat_00002.1.el8eap.src",
"product": {
"name": "eap8-jctools-0:4.0.5-3.redhat_00002.1.el8eap.src",
"product_id": "eap8-jctools-0:4.0.5-3.redhat_00002.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jctools@4.0.5-3.redhat_00002.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el8eap.src",
"product": {
"name": "eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el8eap.src",
"product_id": "eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-stax-ex@2.1.0-3.redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-parsson-0:1.1.7-3.redhat_00003.1.el8eap.src",
"product": {
"name": "eap8-parsson-0:1.1.7-3.redhat_00003.1.el8eap.src",
"product_id": "eap8-parsson-0:1.1.7-3.redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-parsson@1.1.7-3.redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-0:6.6.31-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-hibernate-0:6.6.31-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap8-hibernate-0:6.6.31-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate@6.6.31-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-infinispan-0:15.0.21-1.Final_redhat_00002.1.el8eap.src",
"product": {
"name": "eap8-infinispan-0:15.0.21-1.Final_redhat_00002.1.el8eap.src",
"product_id": "eap8-infinispan-0:15.0.21-1.Final_redhat_00002.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-infinispan@15.0.21-1.Final_redhat_00002.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-hal-console-0:3.7.16-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-hal-console-0:3.7.16-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap8-hal-console-0:3.7.16-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hal-console@3.7.16-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el8eap.src",
"product": {
"name": "eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el8eap.src",
"product_id": "eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-httpcomponents-core@4.4.16-6.redhat_00011.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el8eap.src",
"product": {
"name": "eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el8eap.src",
"product_id": "eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-angus-activation@2.0.2-2.redhat_00002.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jgroups-1:5.3.21-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-jgroups-1:5.3.21-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap8-jgroups-1:5.3.21-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jgroups@5.3.21-1.Final_redhat_00001.1.el8eap?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el8eap.src",
"product": {
"name": "eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el8eap.src",
"product_id": "eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-eclipse-jgit@6.10.1.202505221210-1.r_redhat_00002.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-clustering-0:5.0.11-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-wildfly-clustering-0:5.0.11-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap8-wildfly-clustering-0:5.0.11-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-clustering@5.0.11-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-javadocs-0:8.1.1-2.GA_redhat_00006.1.el8eap.src",
"product": {
"name": "eap8-wildfly-javadocs-0:8.1.1-2.GA_redhat_00006.1.el8eap.src",
"product_id": "eap8-wildfly-javadocs-0:8.1.1-2.GA_redhat_00006.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-javadocs@8.1.1-2.GA_redhat_00006.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jbossws-cxf@7.3.6-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-http-client-0:2.1.3-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-wildfly-http-client-0:2.1.3-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap8-wildfly-http-client-0:2.1.3-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-http-client@2.1.3-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-eap-product-conf-parent-0:801.2.0-1.GA_redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-eap-product-conf-parent-0:801.2.0-1.GA_redhat_00001.1.el8eap.src",
"product_id": "eap8-eap-product-conf-parent-0:801.2.0-1.GA_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-eap-product-conf-parent@801.2.0-1.GA_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-commons-lang-0:3.18.0-2.redhat_00003.1.el8eap.src",
"product": {
"name": "eap8-apache-commons-lang-0:3.18.0-2.redhat_00003.1.el8eap.src",
"product_id": "eap8-apache-commons-lang-0:3.18.0-2.redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-commons-lang@3.18.0-2.redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-yasson-0:3.0.4-2.redhat_00004.1.el8eap.src",
"product": {
"name": "eap8-yasson-0:3.0.4-2.redhat_00004.1.el8eap.src",
"product_id": "eap8-yasson-0:3.0.4-2.redhat_00004.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-yasson@3.0.4-2.redhat_00004.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el8eap.src",
"product": {
"name": "eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el8eap.src",
"product_id": "eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-servlet-api@6.0.0-6.redhat_00007.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el8eap.src",
"product": {
"name": "eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el8eap.src",
"product_id": "eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-commons-io@2.16.1-2.redhat_00002.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-antlr4-0:4.13.2-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-antlr4-0:4.13.2-1.redhat_00001.1.el8eap.src",
"product_id": "eap8-antlr4-0:4.13.2-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-antlr4@4.13.2-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el8eap.src",
"product": {
"name": "eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el8eap.src",
"product_id": "eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-interceptor-api@2.1.0-5.redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-0:8.1.2-1.GA_redhat_00004.1.el8eap.src",
"product": {
"name": "eap8-wildfly-0:8.1.2-1.GA_redhat_00004.1.el8eap.src",
"product_id": "eap8-wildfly-0:8.1.2-1.GA_redhat_00004.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly@8.1.2-1.GA_redhat_00004.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el8eap.src",
"product": {
"name": "eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el8eap.src",
"product_id": "eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-annotation-api@2.1.1-5.redhat_00005.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-0:2.40.0-3.redhat_00008.1.el8eap.src",
"product": {
"name": "eap8-activemq-artemis-0:2.40.0-3.redhat_00008.1.el8eap.src",
"product_id": "eap8-activemq-artemis-0:2.40.0-3.redhat_00008.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis@2.40.0-3.redhat_00008.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el8eap.src",
"product": {
"name": "eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el8eap.src",
"product_id": "eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-activation@2.1.3-2.redhat_00002.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el8eap.src",
"product": {
"name": "eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el8eap.src",
"product_id": "eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-saaj-impl@3.0.4-2.redhat_00002.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el8eap.src",
"product": {
"name": "eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el8eap.src",
"product_id": "eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-reactivex-rxjava2@2.2.21-4.redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el8eap.src",
"product": {
"name": "eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el8eap.src",
"product_id": "eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-ws-rs-api@3.1.0-5.redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el8eap.src",
"product": {
"name": "eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el8eap.src",
"product_id": "eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-validation-api@3.0.2-3.redhat_00006.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-atinject-0:2.0.1-5.redhat_00007.1.el8eap.src",
"product": {
"name": "eap8-atinject-0:2.0.1-5.redhat_00007.1.el8eap.src",
"product_id": "eap8-atinject-0:2.0.1-5.redhat_00007.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-atinject@2.0.1-5.redhat_00007.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-objectweb-asm-0:9.7.1-3.redhat_00002.1.el8eap.src",
"product": {
"name": "eap8-objectweb-asm-0:9.7.1-3.redhat_00002.1.el8eap.src",
"product_id": "eap8-objectweb-asm-0:9.7.1-3.redhat_00002.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-objectweb-asm@9.7.1-3.redhat_00002.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el8eap.src",
"product": {
"name": "eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el8eap.src",
"product_id": "eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-httpcomponents-client@4.5.14-5.redhat_00016.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el8eap.src",
"product": {
"name": "eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el8eap.src",
"product_id": "eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-mail@2.1.3-3.redhat_00003.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el8eap.src",
"product": {
"name": "eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el8eap.src",
"product_id": "eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-reactive-streams@1.0.4-4.redhat_00005.1.el8eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap8-snakeyaml-0:2.3.0-1.redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-snakeyaml-0:2.3.0-1.redhat_00002.1.el8eap.noarch",
"product_id": "eap8-snakeyaml-0:2.3.0-1.redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-snakeyaml@2.3.0-1.redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-search-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-hibernate-search-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-hibernate-search-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate-search@7.2.4-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-search-backend-elasticsearch-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-hibernate-search-backend-elasticsearch-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-hibernate-search-backend-elasticsearch-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate-search-backend-elasticsearch@7.2.4-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-search-backend-lucene-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-hibernate-search-backend-lucene-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-hibernate-search-backend-lucene-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate-search-backend-lucene@7.2.4-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-search-engine-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-hibernate-search-engine-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-hibernate-search-engine-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate-search-engine@7.2.4-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-search-mapper-orm-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-hibernate-search-mapper-orm-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-hibernate-search-mapper-orm-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate-search-mapper-orm@7.2.4-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-search-mapper-pojo-base-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-hibernate-search-mapper-pojo-base-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-hibernate-search-mapper-pojo-base-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate-search-mapper-pojo-base@7.2.4-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-search-util-common-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-hibernate-search-util-common-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-hibernate-search-util-common-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate-search-util-common@7.2.4-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el8eap.noarch",
"product_id": "eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-xml-bind-api@4.0.2-2.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el8eap.noarch",
"product_id": "eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-stax2-api@4.2.2-2.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jctools-0:4.0.5-3.redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-jctools-0:4.0.5-3.redhat_00002.1.el8eap.noarch",
"product_id": "eap8-jctools-0:4.0.5-3.redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jctools@4.0.5-3.redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jctools-core-0:4.0.5-3.redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-jctools-core-0:4.0.5-3.redhat_00002.1.el8eap.noarch",
"product_id": "eap8-jctools-core-0:4.0.5-3.redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jctools-core@4.0.5-3.redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el8eap.noarch",
"product_id": "eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-stax-ex@2.1.0-3.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-parsson-0:1.1.7-3.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap8-parsson-0:1.1.7-3.redhat_00003.1.el8eap.noarch",
"product_id": "eap8-parsson-0:1.1.7-3.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-parsson@1.1.7-3.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-0:6.6.31-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-hibernate-0:6.6.31-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-hibernate-0:6.6.31-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate@6.6.31-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-core-0:6.6.31-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-hibernate-core-0:6.6.31-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-hibernate-core-0:6.6.31-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate-core@6.6.31-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-envers-0:6.6.31-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-hibernate-envers-0:6.6.31-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-hibernate-envers-0:6.6.31-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate-envers@6.6.31-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-infinispan-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-infinispan-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap8-infinispan-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-infinispan@15.0.21-1.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-infinispan-cachestore-jdbc-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-infinispan-cachestore-jdbc-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap8-infinispan-cachestore-jdbc-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-infinispan-cachestore-jdbc@15.0.21-1.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-infinispan-cachestore-jdbc-common-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-infinispan-cachestore-jdbc-common-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap8-infinispan-cachestore-jdbc-common-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-infinispan-cachestore-jdbc-common@15.0.21-1.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-infinispan-cachestore-remote-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-infinispan-cachestore-remote-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap8-infinispan-cachestore-remote-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-infinispan-cachestore-remote@15.0.21-1.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-infinispan-cdi-common-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-infinispan-cdi-common-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap8-infinispan-cdi-common-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-infinispan-cdi-common@15.0.21-1.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-infinispan-cdi-embedded-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-infinispan-cdi-embedded-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap8-infinispan-cdi-embedded-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-infinispan-cdi-embedded@15.0.21-1.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-infinispan-cdi-remote-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-infinispan-cdi-remote-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap8-infinispan-cdi-remote-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-infinispan-cdi-remote@15.0.21-1.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-infinispan-client-hotrod-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-infinispan-client-hotrod-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap8-infinispan-client-hotrod-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-infinispan-client-hotrod@15.0.21-1.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-infinispan-clustered-counter-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-infinispan-clustered-counter-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap8-infinispan-clustered-counter-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-infinispan-clustered-counter@15.0.21-1.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-infinispan-clustered-lock-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-infinispan-clustered-lock-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap8-infinispan-clustered-lock-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-infinispan-clustered-lock@15.0.21-1.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-infinispan-commons-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-infinispan-commons-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap8-infinispan-commons-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-infinispan-commons@15.0.21-1.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-infinispan-core-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-infinispan-core-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap8-infinispan-core-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-infinispan-core@15.0.21-1.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-infinispan-hibernate-cache-commons-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-infinispan-hibernate-cache-commons-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap8-infinispan-hibernate-cache-commons-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-infinispan-hibernate-cache-commons@15.0.21-1.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-infinispan-hibernate-cache-spi-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-infinispan-hibernate-cache-spi-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap8-infinispan-hibernate-cache-spi-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-infinispan-hibernate-cache-spi@15.0.21-1.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-infinispan-hibernate-cache-v62-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-infinispan-hibernate-cache-v62-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap8-infinispan-hibernate-cache-v62-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-infinispan-hibernate-cache-v62@15.0.21-1.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-infinispan-objectfilter-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-infinispan-objectfilter-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap8-infinispan-objectfilter-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-infinispan-objectfilter@15.0.21-1.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-infinispan-query-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-infinispan-query-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap8-infinispan-query-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-infinispan-query@15.0.21-1.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-infinispan-query-core-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-infinispan-query-core-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap8-infinispan-query-core-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-infinispan-query-core@15.0.21-1.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-infinispan-query-dsl-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-infinispan-query-dsl-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap8-infinispan-query-dsl-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-infinispan-query-dsl@15.0.21-1.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-infinispan-remote-query-client-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-infinispan-remote-query-client-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product_id": "eap8-infinispan-remote-query-client-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-infinispan-remote-query-client@15.0.21-1.Final_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hal-console-0:3.7.16-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-hal-console-0:3.7.16-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-hal-console-0:3.7.16-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hal-console@3.7.16-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el8eap.noarch",
"product": {
"name": "eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el8eap.noarch",
"product_id": "eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-httpcomponents-core@4.4.16-6.redhat_00011.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el8eap.noarch",
"product_id": "eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-angus-activation@2.0.2-2.redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jgroups-1:5.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-jgroups-1:5.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-jgroups-1:5.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jgroups@5.3.21-1.Final_redhat_00001.1.el8eap?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el8eap.noarch",
"product_id": "eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-eclipse-jgit@6.10.1.202505221210-1.r_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-clustering-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-clustering-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-wildfly-clustering-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-clustering@5.0.11-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-clustering-cache-infinispan-common-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-clustering-cache-infinispan-common-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-wildfly-clustering-cache-infinispan-common-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-clustering-cache-infinispan-common@5.0.11-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-clustering-cache-infinispan-embedded-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-clustering-cache-infinispan-embedded-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-wildfly-clustering-cache-infinispan-embedded-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-clustering-cache-infinispan-embedded@5.0.11-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-clustering-cache-infinispan-remote-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-clustering-cache-infinispan-remote-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-wildfly-clustering-cache-infinispan-remote-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-clustering-cache-infinispan-remote@5.0.11-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-clustering-cache-spi-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-clustering-cache-spi-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-wildfly-clustering-cache-spi-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-clustering-cache-spi@5.0.11-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-clustering-context-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-clustering-context-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-wildfly-clustering-context-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-clustering-context@5.0.11-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-clustering-marshalling-jboss-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-clustering-marshalling-jboss-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-wildfly-clustering-marshalling-jboss-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-clustering-marshalling-jboss@5.0.11-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-clustering-marshalling-protostream-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-clustering-marshalling-protostream-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-wildfly-clustering-marshalling-protostream-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-clustering-marshalling-protostream@5.0.11-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-clustering-marshalling-spi-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-clustering-marshalling-spi-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-wildfly-clustering-marshalling-spi-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-clustering-marshalling-spi@5.0.11-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-clustering-server-api-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-clustering-server-api-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-wildfly-clustering-server-api-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-clustering-server-api@5.0.11-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-clustering-server-infinispan-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-clustering-server-infinispan-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-wildfly-clustering-server-infinispan-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-clustering-server-infinispan@5.0.11-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-clustering-server-jgroups-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-clustering-server-jgroups-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-wildfly-clustering-server-jgroups-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-clustering-server-jgroups@5.0.11-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-clustering-server-local-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-clustering-server-local-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-wildfly-clustering-server-local-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-clustering-server-local@5.0.11-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-clustering-server-spi-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-clustering-server-spi-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-wildfly-clustering-server-spi-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-clustering-server-spi@5.0.11-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-clustering-session-cache-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-clustering-session-cache-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-wildfly-clustering-session-cache-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-clustering-session-cache@5.0.11-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-clustering-session-infinispan-embedded-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-clustering-session-infinispan-embedded-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-wildfly-clustering-session-infinispan-embedded-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-clustering-session-infinispan-embedded@5.0.11-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-clustering-session-infinispan-remote-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-clustering-session-infinispan-remote-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-wildfly-clustering-session-infinispan-remote-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-clustering-session-infinispan-remote@5.0.11-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-clustering-session-spec-servlet-6.0-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-clustering-session-spec-servlet-6.0-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-wildfly-clustering-session-spec-servlet-6.0-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-clustering-session-spec-servlet-6.0@5.0.11-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-clustering-session-spec-spi-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-clustering-session-spec-spi-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-wildfly-clustering-session-spec-spi-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-clustering-session-spec-spi@5.0.11-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-clustering-session-spi-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-clustering-session-spi-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-wildfly-clustering-session-spi-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-clustering-session-spi@5.0.11-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-javadocs-0:8.1.1-2.GA_redhat_00006.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-javadocs-0:8.1.1-2.GA_redhat_00006.1.el8eap.noarch",
"product_id": "eap8-wildfly-javadocs-0:8.1.1-2.GA_redhat_00006.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-javadocs@8.1.1-2.GA_redhat_00006.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jbossws-cxf@7.3.6-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-http-client-common-0:2.1.3-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-http-client-common-0:2.1.3-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-wildfly-http-client-common-0:2.1.3-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-http-client-common@2.1.3-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-http-ejb-client-0:2.1.3-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-http-ejb-client-0:2.1.3-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-wildfly-http-ejb-client-0:2.1.3-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-http-ejb-client@2.1.3-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-http-naming-client-0:2.1.3-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-http-naming-client-0:2.1.3-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-wildfly-http-naming-client-0:2.1.3-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-http-naming-client@2.1.3-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-http-transaction-client-0:2.1.3-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-http-transaction-client-0:2.1.3-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-wildfly-http-transaction-client-0:2.1.3-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-http-transaction-client@2.1.3-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-eap-product-conf-parent-0:801.2.0-1.GA_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-eap-product-conf-parent-0:801.2.0-1.GA_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-eap-product-conf-parent-0:801.2.0-1.GA_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-eap-product-conf-parent@801.2.0-1.GA_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.2.0-1.GA_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.2.0-1.GA_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.2.0-1.GA_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-eap-product-conf-wildfly-ee-feature-pack@801.2.0-1.GA_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-commons-lang-0:3.18.0-2.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap8-apache-commons-lang-0:3.18.0-2.redhat_00003.1.el8eap.noarch",
"product_id": "eap8-apache-commons-lang-0:3.18.0-2.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-commons-lang@3.18.0-2.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-yasson-0:3.0.4-2.redhat_00004.1.el8eap.noarch",
"product": {
"name": "eap8-yasson-0:3.0.4-2.redhat_00004.1.el8eap.noarch",
"product_id": "eap8-yasson-0:3.0.4-2.redhat_00004.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-yasson@3.0.4-2.redhat_00004.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el8eap.noarch",
"product": {
"name": "eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el8eap.noarch",
"product_id": "eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-servlet-api@6.0.0-6.redhat_00007.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el8eap.noarch",
"product_id": "eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-commons-io@2.16.1-2.redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-antlr4-0:4.13.2-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-antlr4-0:4.13.2-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap8-antlr4-0:4.13.2-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-antlr4@4.13.2-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-antlr4-runtime-0:4.13.2-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-antlr4-runtime-0:4.13.2-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap8-antlr4-runtime-0:4.13.2-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-antlr4-runtime@4.13.2-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el8eap.noarch",
"product_id": "eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-interceptor-api@2.1.0-5.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-0:8.1.2-1.GA_redhat_00004.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-0:8.1.2-1.GA_redhat_00004.1.el8eap.noarch",
"product_id": "eap8-wildfly-0:8.1.2-1.GA_redhat_00004.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly@8.1.2-1.GA_redhat_00004.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-java-jdk17-0:8.1.2-1.GA_redhat_00004.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-java-jdk17-0:8.1.2-1.GA_redhat_00004.1.el8eap.noarch",
"product_id": "eap8-wildfly-java-jdk17-0:8.1.2-1.GA_redhat_00004.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-java-jdk17@8.1.2-1.GA_redhat_00004.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-java-jdk21-0:8.1.2-1.GA_redhat_00004.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-java-jdk21-0:8.1.2-1.GA_redhat_00004.1.el8eap.noarch",
"product_id": "eap8-wildfly-java-jdk21-0:8.1.2-1.GA_redhat_00004.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-java-jdk21@8.1.2-1.GA_redhat_00004.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-modules-0:8.1.2-1.GA_redhat_00004.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-modules-0:8.1.2-1.GA_redhat_00004.1.el8eap.noarch",
"product_id": "eap8-wildfly-modules-0:8.1.2-1.GA_redhat_00004.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-modules@8.1.2-1.GA_redhat_00004.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el8eap.noarch",
"product": {
"name": "eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el8eap.noarch",
"product_id": "eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-annotation-api@2.1.1-5.redhat_00005.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"product": {
"name": "eap8-activemq-artemis-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"product_id": "eap8-activemq-artemis-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis@2.40.0-3.redhat_00008.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-cli-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"product": {
"name": "eap8-activemq-artemis-cli-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"product_id": "eap8-activemq-artemis-cli-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-cli@2.40.0-3.redhat_00008.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-commons-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"product": {
"name": "eap8-activemq-artemis-commons-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"product_id": "eap8-activemq-artemis-commons-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-commons@2.40.0-3.redhat_00008.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-core-client-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"product": {
"name": "eap8-activemq-artemis-core-client-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"product_id": "eap8-activemq-artemis-core-client-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-core-client@2.40.0-3.redhat_00008.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-dto-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"product": {
"name": "eap8-activemq-artemis-dto-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"product_id": "eap8-activemq-artemis-dto-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-dto@2.40.0-3.redhat_00008.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-hornetq-protocol-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"product": {
"name": "eap8-activemq-artemis-hornetq-protocol-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"product_id": "eap8-activemq-artemis-hornetq-protocol-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-hornetq-protocol@2.40.0-3.redhat_00008.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-hqclient-protocol-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"product": {
"name": "eap8-activemq-artemis-hqclient-protocol-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"product_id": "eap8-activemq-artemis-hqclient-protocol-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-hqclient-protocol@2.40.0-3.redhat_00008.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-jakarta-client-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"product": {
"name": "eap8-activemq-artemis-jakarta-client-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"product_id": "eap8-activemq-artemis-jakarta-client-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-jakarta-client@2.40.0-3.redhat_00008.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-jakarta-ra-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"product": {
"name": "eap8-activemq-artemis-jakarta-ra-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"product_id": "eap8-activemq-artemis-jakarta-ra-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-jakarta-ra@2.40.0-3.redhat_00008.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-jakarta-server-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"product": {
"name": "eap8-activemq-artemis-jakarta-server-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"product_id": "eap8-activemq-artemis-jakarta-server-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-jakarta-server@2.40.0-3.redhat_00008.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"product": {
"name": "eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"product_id": "eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-jakarta-service-extensions@2.40.0-3.redhat_00008.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-jdbc-store-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"product": {
"name": "eap8-activemq-artemis-jdbc-store-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"product_id": "eap8-activemq-artemis-jdbc-store-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-jdbc-store@2.40.0-3.redhat_00008.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-journal-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"product": {
"name": "eap8-activemq-artemis-journal-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"product_id": "eap8-activemq-artemis-journal-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-journal@2.40.0-3.redhat_00008.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-selector-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"product": {
"name": "eap8-activemq-artemis-selector-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"product_id": "eap8-activemq-artemis-selector-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-selector@2.40.0-3.redhat_00008.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-server-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"product": {
"name": "eap8-activemq-artemis-server-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"product_id": "eap8-activemq-artemis-server-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-server@2.40.0-3.redhat_00008.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el8eap.noarch",
"product_id": "eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-activation@2.1.3-2.redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el8eap.noarch",
"product_id": "eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-saaj-impl@3.0.4-2.redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el8eap.noarch",
"product_id": "eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-reactivex-rxjava2@2.2.21-4.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el8eap.noarch",
"product_id": "eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-ws-rs-api@3.1.0-5.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el8eap.noarch",
"product": {
"name": "eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el8eap.noarch",
"product_id": "eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-validation-api@3.0.2-3.redhat_00006.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-atinject-0:2.0.1-5.redhat_00007.1.el8eap.noarch",
"product": {
"name": "eap8-atinject-0:2.0.1-5.redhat_00007.1.el8eap.noarch",
"product_id": "eap8-atinject-0:2.0.1-5.redhat_00007.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-atinject@2.0.1-5.redhat_00007.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-objectweb-asm-0:9.7.1-3.redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-objectweb-asm-0:9.7.1-3.redhat_00002.1.el8eap.noarch",
"product_id": "eap8-objectweb-asm-0:9.7.1-3.redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-objectweb-asm@9.7.1-3.redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-objectweb-asm-util-0:9.7.1-3.redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-objectweb-asm-util-0:9.7.1-3.redhat_00002.1.el8eap.noarch",
"product_id": "eap8-objectweb-asm-util-0:9.7.1-3.redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-objectweb-asm-util@9.7.1-3.redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el8eap.noarch",
"product": {
"name": "eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el8eap.noarch",
"product_id": "eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-httpcomponents-client@4.5.14-5.redhat_00016.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el8eap.noarch",
"product": {
"name": "eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el8eap.noarch",
"product_id": "eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-mail@2.1.3-3.redhat_00003.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el8eap.noarch",
"product": {
"name": "eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el8eap.noarch",
"product_id": "eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-reactive-streams@1.0.4-4.redhat_00005.1.el8eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-0:2.40.0-3.redhat_00008.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-3.redhat_00008.1.el8eap.noarch"
},
"product_reference": "eap8-activemq-artemis-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-0:2.40.0-3.redhat_00008.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-3.redhat_00008.1.el8eap.src"
},
"product_reference": "eap8-activemq-artemis-0:2.40.0-3.redhat_00008.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-cli-0:2.40.0-3.redhat_00008.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-3.redhat_00008.1.el8eap.noarch"
},
"product_reference": "eap8-activemq-artemis-cli-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-commons-0:2.40.0-3.redhat_00008.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-3.redhat_00008.1.el8eap.noarch"
},
"product_reference": "eap8-activemq-artemis-commons-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-core-client-0:2.40.0-3.redhat_00008.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-3.redhat_00008.1.el8eap.noarch"
},
"product_reference": "eap8-activemq-artemis-core-client-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-dto-0:2.40.0-3.redhat_00008.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-3.redhat_00008.1.el8eap.noarch"
},
"product_reference": "eap8-activemq-artemis-dto-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-hornetq-protocol-0:2.40.0-3.redhat_00008.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-3.redhat_00008.1.el8eap.noarch"
},
"product_reference": "eap8-activemq-artemis-hornetq-protocol-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-hqclient-protocol-0:2.40.0-3.redhat_00008.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-3.redhat_00008.1.el8eap.noarch"
},
"product_reference": "eap8-activemq-artemis-hqclient-protocol-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-jakarta-client-0:2.40.0-3.redhat_00008.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-3.redhat_00008.1.el8eap.noarch"
},
"product_reference": "eap8-activemq-artemis-jakarta-client-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-jakarta-ra-0:2.40.0-3.redhat_00008.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-3.redhat_00008.1.el8eap.noarch"
},
"product_reference": "eap8-activemq-artemis-jakarta-ra-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-jakarta-server-0:2.40.0-3.redhat_00008.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-3.redhat_00008.1.el8eap.noarch"
},
"product_reference": "eap8-activemq-artemis-jakarta-server-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-3.redhat_00008.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-3.redhat_00008.1.el8eap.noarch"
},
"product_reference": "eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-jdbc-store-0:2.40.0-3.redhat_00008.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-3.redhat_00008.1.el8eap.noarch"
},
"product_reference": "eap8-activemq-artemis-jdbc-store-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-journal-0:2.40.0-3.redhat_00008.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-3.redhat_00008.1.el8eap.noarch"
},
"product_reference": "eap8-activemq-artemis-journal-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-selector-0:2.40.0-3.redhat_00008.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-3.redhat_00008.1.el8eap.noarch"
},
"product_reference": "eap8-activemq-artemis-selector-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-server-0:2.40.0-3.redhat_00008.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-3.redhat_00008.1.el8eap.noarch"
},
"product_reference": "eap8-activemq-artemis-server-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el8eap.src"
},
"product_reference": "eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-antlr4-0:4.13.2-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-antlr4-0:4.13.2-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-antlr4-0:4.13.2-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-antlr4-0:4.13.2-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-antlr4-0:4.13.2-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-antlr4-0:4.13.2-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-antlr4-runtime-0:4.13.2-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-antlr4-runtime-0:4.13.2-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-antlr4-runtime-0:4.13.2-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el8eap.src"
},
"product_reference": "eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-commons-lang-0:3.18.0-2.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-apache-commons-lang-0:3.18.0-2.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap8-apache-commons-lang-0:3.18.0-2.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-commons-lang-0:3.18.0-2.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-apache-commons-lang-0:3.18.0-2.redhat_00003.1.el8eap.src"
},
"product_reference": "eap8-apache-commons-lang-0:3.18.0-2.redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-atinject-0:2.0.1-5.redhat_00007.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-atinject-0:2.0.1-5.redhat_00007.1.el8eap.noarch"
},
"product_reference": "eap8-atinject-0:2.0.1-5.redhat_00007.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-atinject-0:2.0.1-5.redhat_00007.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-atinject-0:2.0.1-5.redhat_00007.1.el8eap.src"
},
"product_reference": "eap8-atinject-0:2.0.1-5.redhat_00007.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-eap-product-conf-parent-0:801.2.0-1.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.2.0-1.GA_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-eap-product-conf-parent-0:801.2.0-1.GA_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-eap-product-conf-parent-0:801.2.0-1.GA_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.2.0-1.GA_redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-eap-product-conf-parent-0:801.2.0-1.GA_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.2.0-1.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.2.0-1.GA_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.2.0-1.GA_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el8eap.src"
},
"product_reference": "eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hal-console-0:3.7.16-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.16-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-hal-console-0:3.7.16-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hal-console-0:3.7.16-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-hal-console-0:3.7.16-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-hal-console-0:3.7.16-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-0:6.6.31-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.31-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-hibernate-0:6.6.31-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-0:6.6.31-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-hibernate-0:6.6.31-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-hibernate-0:6.6.31-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-core-0:6.6.31-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.31-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-hibernate-core-0:6.6.31-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-envers-0:6.6.31-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.31-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-hibernate-envers-0:6.6.31-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-search-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-hibernate-search-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-search-0:7.2.4-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.4-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-hibernate-search-0:7.2.4-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-search-backend-elasticsearch-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-hibernate-search-backend-elasticsearch-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-search-backend-lucene-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-hibernate-search-backend-lucene-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-search-engine-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-hibernate-search-engine-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-search-mapper-orm-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-hibernate-search-mapper-orm-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-search-mapper-pojo-base-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-hibernate-search-mapper-pojo-base-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-search-util-common-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-hibernate-search-util-common-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el8eap.noarch"
},
"product_reference": "eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el8eap.src"
},
"product_reference": "eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el8eap.noarch"
},
"product_reference": "eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el8eap.src"
},
"product_reference": "eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-infinispan-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-infinispan-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-infinispan-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-infinispan-0:15.0.21-1.Final_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-infinispan-0:15.0.21-1.Final_redhat_00002.1.el8eap.src"
},
"product_reference": "eap8-infinispan-0:15.0.21-1.Final_redhat_00002.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-infinispan-cachestore-jdbc-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-infinispan-cachestore-jdbc-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-infinispan-cachestore-jdbc-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-infinispan-cachestore-jdbc-common-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-infinispan-cachestore-jdbc-common-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-infinispan-cachestore-jdbc-common-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-infinispan-cachestore-remote-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-infinispan-cachestore-remote-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-infinispan-cachestore-remote-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-infinispan-cdi-common-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-infinispan-cdi-common-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-infinispan-cdi-common-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-infinispan-cdi-embedded-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-infinispan-cdi-embedded-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-infinispan-cdi-embedded-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-infinispan-cdi-remote-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-infinispan-cdi-remote-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-infinispan-cdi-remote-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-infinispan-client-hotrod-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-infinispan-client-hotrod-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-infinispan-client-hotrod-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-infinispan-clustered-counter-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-infinispan-clustered-counter-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-infinispan-clustered-counter-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-infinispan-clustered-lock-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-infinispan-clustered-lock-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-infinispan-clustered-lock-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-infinispan-commons-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-infinispan-commons-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-infinispan-commons-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-infinispan-core-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-infinispan-core-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-infinispan-core-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-infinispan-hibernate-cache-commons-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-infinispan-hibernate-cache-commons-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-infinispan-hibernate-cache-commons-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-infinispan-hibernate-cache-spi-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-infinispan-hibernate-cache-spi-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-infinispan-hibernate-cache-spi-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-infinispan-hibernate-cache-v62-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-infinispan-hibernate-cache-v62-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-infinispan-hibernate-cache-v62-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-infinispan-objectfilter-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-infinispan-objectfilter-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-infinispan-objectfilter-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-infinispan-query-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-infinispan-query-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-infinispan-query-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-infinispan-query-core-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-infinispan-query-core-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-infinispan-query-core-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-infinispan-query-dsl-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-infinispan-query-dsl-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-infinispan-query-dsl-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-infinispan-remote-query-client-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-infinispan-remote-query-client-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-infinispan-remote-query-client-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el8eap.src"
},
"product_reference": "eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el8eap.noarch"
},
"product_reference": "eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el8eap.src"
},
"product_reference": "eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el8eap.src"
},
"product_reference": "eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el8eap.src"
},
"product_reference": "eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el8eap.noarch"
},
"product_reference": "eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el8eap.src"
},
"product_reference": "eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el8eap.noarch"
},
"product_reference": "eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el8eap.src"
},
"product_reference": "eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el8eap.src"
},
"product_reference": "eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el8eap.src"
},
"product_reference": "eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jctools-0:4.0.5-3.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-jctools-0:4.0.5-3.redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-jctools-0:4.0.5-3.redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jctools-0:4.0.5-3.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-jctools-0:4.0.5-3.redhat_00002.1.el8eap.src"
},
"product_reference": "eap8-jctools-0:4.0.5-3.redhat_00002.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jctools-core-0:4.0.5-3.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.5-3.redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-jctools-core-0:4.0.5-3.redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jgroups-1:5.3.21-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-jgroups-1:5.3.21-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-jgroups-1:5.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jgroups-1:5.3.21-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-jgroups-1:5.3.21-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-jgroups-1:5.3.21-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-objectweb-asm-0:9.7.1-3.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-objectweb-asm-0:9.7.1-3.redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-objectweb-asm-0:9.7.1-3.redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-objectweb-asm-0:9.7.1-3.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-objectweb-asm-0:9.7.1-3.redhat_00002.1.el8eap.src"
},
"product_reference": "eap8-objectweb-asm-0:9.7.1-3.redhat_00002.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-objectweb-asm-util-0:9.7.1-3.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-objectweb-asm-util-0:9.7.1-3.redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-objectweb-asm-util-0:9.7.1-3.redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-parsson-0:1.1.7-3.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-parsson-0:1.1.7-3.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap8-parsson-0:1.1.7-3.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-parsson-0:1.1.7-3.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-parsson-0:1.1.7-3.redhat_00003.1.el8eap.src"
},
"product_reference": "eap8-parsson-0:1.1.7-3.redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el8eap.noarch"
},
"product_reference": "eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el8eap.src"
},
"product_reference": "eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el8eap.src"
},
"product_reference": "eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el8eap.src"
},
"product_reference": "eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-snakeyaml-0:2.3.0-1.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-snakeyaml-0:2.3.0-1.redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-snakeyaml-0:2.3.0-1.redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-snakeyaml-0:2.3.0-1.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-snakeyaml-0:2.3.0-1.redhat_00002.1.el8eap.src"
},
"product_reference": "eap8-snakeyaml-0:2.3.0-1.redhat_00002.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el8eap.src"
},
"product_reference": "eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el8eap.noarch"
},
"product_reference": "eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el8eap.src"
},
"product_reference": "eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-0:8.1.2-1.GA_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.2-1.GA_redhat_00004.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-0:8.1.2-1.GA_redhat_00004.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-0:8.1.2-1.GA_redhat_00004.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-wildfly-0:8.1.2-1.GA_redhat_00004.1.el8eap.src"
},
"product_reference": "eap8-wildfly-0:8.1.2-1.GA_redhat_00004.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-clustering-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-wildfly-clustering-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-clustering-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-clustering-0:5.0.11-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-wildfly-clustering-0:5.0.11-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-wildfly-clustering-0:5.0.11-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-clustering-cache-infinispan-common-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-wildfly-clustering-cache-infinispan-common-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-clustering-cache-infinispan-common-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-clustering-cache-infinispan-embedded-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-wildfly-clustering-cache-infinispan-embedded-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-clustering-cache-infinispan-embedded-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-clustering-cache-infinispan-remote-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-wildfly-clustering-cache-infinispan-remote-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-clustering-cache-infinispan-remote-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-clustering-cache-spi-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-wildfly-clustering-cache-spi-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-clustering-cache-spi-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-clustering-context-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-wildfly-clustering-context-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-clustering-context-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-clustering-marshalling-jboss-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-wildfly-clustering-marshalling-jboss-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-clustering-marshalling-jboss-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-clustering-marshalling-protostream-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-wildfly-clustering-marshalling-protostream-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-clustering-marshalling-protostream-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-clustering-marshalling-spi-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-wildfly-clustering-marshalling-spi-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-clustering-marshalling-spi-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-clustering-server-api-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-wildfly-clustering-server-api-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-clustering-server-api-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-clustering-server-infinispan-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-wildfly-clustering-server-infinispan-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-clustering-server-infinispan-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-clustering-server-jgroups-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-wildfly-clustering-server-jgroups-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-clustering-server-jgroups-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-clustering-server-local-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-wildfly-clustering-server-local-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-clustering-server-local-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-clustering-server-spi-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-wildfly-clustering-server-spi-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-clustering-server-spi-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-clustering-session-cache-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-wildfly-clustering-session-cache-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-clustering-session-cache-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-clustering-session-infinispan-embedded-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-wildfly-clustering-session-infinispan-embedded-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-clustering-session-infinispan-embedded-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-clustering-session-infinispan-remote-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-wildfly-clustering-session-infinispan-remote-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-clustering-session-infinispan-remote-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-clustering-session-spec-servlet-6.0-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-wildfly-clustering-session-spec-servlet-6.0-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-clustering-session-spec-servlet-6.0-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-clustering-session-spec-spi-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-wildfly-clustering-session-spec-spi-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-clustering-session-spec-spi-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-clustering-session-spi-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-wildfly-clustering-session-spi-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-clustering-session-spi-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-http-client-0:2.1.3-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.3-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-wildfly-http-client-0:2.1.3-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-http-client-common-0:2.1.3-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.3-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-http-client-common-0:2.1.3-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-http-ejb-client-0:2.1.3-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.3-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-http-ejb-client-0:2.1.3-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-http-naming-client-0:2.1.3-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.3-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-http-naming-client-0:2.1.3-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-http-transaction-client-0:2.1.3-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.3-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-http-transaction-client-0:2.1.3-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-java-jdk17-0:8.1.2-1.GA_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.2-1.GA_redhat_00004.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-java-jdk17-0:8.1.2-1.GA_redhat_00004.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-java-jdk21-0:8.1.2-1.GA_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.2-1.GA_redhat_00004.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-java-jdk21-0:8.1.2-1.GA_redhat_00004.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-javadocs-0:8.1.1-2.GA_redhat_00006.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-2.GA_redhat_00006.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-javadocs-0:8.1.1-2.GA_redhat_00006.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-javadocs-0:8.1.1-2.GA_redhat_00006.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-2.GA_redhat_00006.1.el8eap.src"
},
"product_reference": "eap8-wildfly-javadocs-0:8.1.1-2.GA_redhat_00006.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-modules-0:8.1.2-1.GA_redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.2-1.GA_redhat_00004.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-modules-0:8.1.2-1.GA_redhat_00004.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-yasson-0:3.0.4-2.redhat_00004.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-2.redhat_00004.1.el8eap.noarch"
},
"product_reference": "eap8-yasson-0:3.0.4-2.redhat_00004.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-yasson-0:3.0.4-2.redhat_00004.1.el8eap.src as a component of Red Hat JBoss EAP 8.1 for RHEL 8",
"product_id": "8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-2.redhat_00004.1.el8eap.src"
},
"product_reference": "eap8-yasson-0:3.0.4-2.redhat_00004.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4949",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2025-05-21T07:00:48.762597+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2367730"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse JGit. This vulnerability can allow information disclosure, denial of service, and other security issues when parsing XML files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.eclipse.jgit: XXE vulnerability in Eclipse JGit",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. A flaw in Eclipse JGit allows for XML External Entity (XXE) attacks when parsing specially crafted XML files. This can lead to local denial of service in affected Red Hat products that utilize JGit\u0027s ManifestParser or AmazonS3 class for git transport. The current 9.8 rating by NVD assumes a default, server-side exploitation path. However, the vulnerability resides in the experimental AmazonS3 transport class within Eclipse JGit, which is not enabled by default and requires non-standard configuration (Attack Complexity: High). Furthermore, exploitation typically occurs via client-side tools (e.g., repo) requiring active user participation (User Interaction: Required), limiting the primary risk to local Denial of Service rather than remote, unauthenticated compromise (Availability: High).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-3.redhat_00008.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-antlr4-0:4.13.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-antlr4-0:4.13.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-antlr4-runtime-0:4.13.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-apache-commons-lang-0:3.18.0-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-apache-commons-lang-0:3.18.0-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-atinject-0:2.0.1-5.redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-atinject-0:2.0.1-5.redhat_00007.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.2.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.2.0-1.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.2.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-hal-console-0:3.7.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-hal-console-0:3.7.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-hibernate-0:6.6.31-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-hibernate-0:6.6.31-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.31-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.31-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-infinispan-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-0:15.0.21-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-infinispan-cachestore-jdbc-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-cachestore-jdbc-common-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-cachestore-remote-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-cdi-common-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-cdi-embedded-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-cdi-remote-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-client-hotrod-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-clustered-counter-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-clustered-lock-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-commons-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-core-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-hibernate-cache-commons-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-hibernate-cache-spi-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-hibernate-cache-v62-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-objectfilter-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-query-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-query-core-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-query-dsl-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-remote-query-client-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-jctools-0:4.0.5-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-jctools-0:4.0.5-3.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.5-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-jgroups-1:5.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-jgroups-1:5.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-objectweb-asm-0:9.7.1-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-objectweb-asm-0:9.7.1-3.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-objectweb-asm-util-0:9.7.1-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-parsson-0:1.1.7-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-parsson-0:1.1.7-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-snakeyaml-0:2.3.0-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-snakeyaml-0:2.3.0-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-wildfly-0:8.1.2-1.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-0:8.1.2-1.GA_redhat_00004.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-0:5.0.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-cache-infinispan-common-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-cache-infinispan-embedded-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-cache-infinispan-remote-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-cache-spi-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-context-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-marshalling-jboss-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-marshalling-protostream-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-marshalling-spi-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-server-api-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-server-infinispan-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-server-jgroups-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-server-local-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-server-spi-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-session-cache-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-session-infinispan-embedded-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-session-infinispan-remote-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-session-spec-servlet-6.0-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-session-spec-spi-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-session-spi-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.2-1.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.2-1.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-2.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-2.GA_redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.2-1.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-2.redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-2.redhat_00004.1.el8eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4949"
},
{
"category": "external",
"summary": "RHBZ#2367730",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367730"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4949",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4949"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4949",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4949"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281",
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281"
},
{
"category": "external",
"summary": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1",
"url": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1"
}
],
"release_date": "2025-05-21T06:47:19.777000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-26T16:59:20+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-3.redhat_00008.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-antlr4-0:4.13.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-antlr4-0:4.13.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-antlr4-runtime-0:4.13.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-apache-commons-lang-0:3.18.0-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-apache-commons-lang-0:3.18.0-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-atinject-0:2.0.1-5.redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-atinject-0:2.0.1-5.redhat_00007.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.2.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.2.0-1.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.2.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-hal-console-0:3.7.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-hal-console-0:3.7.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-hibernate-0:6.6.31-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-hibernate-0:6.6.31-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.31-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.31-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-infinispan-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-0:15.0.21-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-infinispan-cachestore-jdbc-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-cachestore-jdbc-common-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-cachestore-remote-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-cdi-common-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-cdi-embedded-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-cdi-remote-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-client-hotrod-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-clustered-counter-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-clustered-lock-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-commons-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-core-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-hibernate-cache-commons-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-hibernate-cache-spi-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-hibernate-cache-v62-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-objectfilter-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-query-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-query-core-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-query-dsl-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-remote-query-client-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-jctools-0:4.0.5-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-jctools-0:4.0.5-3.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.5-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-jgroups-1:5.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-jgroups-1:5.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-objectweb-asm-0:9.7.1-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-objectweb-asm-0:9.7.1-3.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-objectweb-asm-util-0:9.7.1-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-parsson-0:1.1.7-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-parsson-0:1.1.7-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-snakeyaml-0:2.3.0-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-snakeyaml-0:2.3.0-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-wildfly-0:8.1.2-1.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-0:8.1.2-1.GA_redhat_00004.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-0:5.0.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-cache-infinispan-common-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-cache-infinispan-embedded-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-cache-infinispan-remote-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-cache-spi-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-context-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-marshalling-jboss-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-marshalling-protostream-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-marshalling-spi-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-server-api-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-server-infinispan-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-server-jgroups-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-server-local-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-server-spi-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-session-cache-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-session-infinispan-embedded-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-session-infinispan-remote-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-session-spec-servlet-6.0-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-session-spec-spi-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-session-spi-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.2-1.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.2-1.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-2.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-2.GA_redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.2-1.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-2.redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-2.redhat_00004.1.el8eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22187"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-activemq-artemis-0:2.40.0-3.redhat_00008.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-activemq-artemis-cli-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-activemq-artemis-commons-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-activemq-artemis-core-client-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-activemq-artemis-dto-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-activemq-artemis-hornetq-protocol-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-activemq-artemis-hqclient-protocol-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-client-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-ra-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-server-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-activemq-artemis-jakarta-service-extensions-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-activemq-artemis-jdbc-store-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-activemq-artemis-journal-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-activemq-artemis-selector-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-activemq-artemis-server-0:2.40.0-3.redhat_00008.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-antlr4-0:4.13.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-antlr4-0:4.13.2-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-antlr4-runtime-0:4.13.2-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-apache-commons-lang-0:3.18.0-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-apache-commons-lang-0:3.18.0-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-atinject-0:2.0.1-5.redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-atinject-0:2.0.1-5.redhat_00007.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.2.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-eap-product-conf-parent-0:801.2.0-1.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-eap-product-conf-wildfly-ee-feature-pack-0:801.2.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-hal-console-0:3.7.16-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-hal-console-0:3.7.16-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-hibernate-0:6.6.31-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-hibernate-0:6.6.31-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-hibernate-core-0:6.6.31-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-hibernate-envers-0:6.6.31-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-hibernate-search-0:7.2.4-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-hibernate-search-backend-elasticsearch-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-hibernate-search-backend-lucene-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-hibernate-search-engine-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-hibernate-search-mapper-orm-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-hibernate-search-mapper-pojo-base-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-hibernate-search-util-common-0:7.2.4-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-infinispan-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-0:15.0.21-1.Final_redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-infinispan-cachestore-jdbc-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-cachestore-jdbc-common-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-cachestore-remote-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-cdi-common-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-cdi-embedded-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-cdi-remote-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-client-hotrod-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-clustered-counter-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-clustered-lock-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-commons-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-core-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-hibernate-cache-commons-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-hibernate-cache-spi-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-hibernate-cache-v62-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-objectfilter-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-query-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-query-core-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-query-dsl-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-infinispan-remote-query-client-0:15.0.21-1.Final_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-jctools-0:4.0.5-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-jctools-0:4.0.5-3.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-jctools-core-0:4.0.5-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-jgroups-1:5.3.21-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-jgroups-1:5.3.21-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-objectweb-asm-0:9.7.1-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-objectweb-asm-0:9.7.1-3.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-objectweb-asm-util-0:9.7.1-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-parsson-0:1.1.7-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-parsson-0:1.1.7-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-snakeyaml-0:2.3.0-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-snakeyaml-0:2.3.0-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-wildfly-0:8.1.2-1.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-0:8.1.2-1.GA_redhat_00004.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-0:5.0.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-cache-infinispan-common-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-cache-infinispan-embedded-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-cache-infinispan-remote-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-cache-spi-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-context-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-marshalling-jboss-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-marshalling-protostream-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-marshalling-spi-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-server-api-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-server-infinispan-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-server-jgroups-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-server-local-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-server-spi-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-session-cache-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-session-infinispan-embedded-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-session-infinispan-remote-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-session-spec-servlet-6.0-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-session-spec-spi-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-clustering-session-spi-0:5.0.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-http-client-0:2.1.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-wildfly-http-client-common-0:2.1.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-http-ejb-client-0:2.1.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-http-naming-client-0:2.1.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-http-transaction-client-0:2.1.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-java-jdk17-0:8.1.2-1.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-java-jdk21-0:8.1.2-1.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-2.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-wildfly-javadocs-0:8.1.1-2.GA_redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.1:eap8-wildfly-modules-0:8.1.2-1.GA_redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-2.redhat_00004.1.el8eap.noarch",
"8Base-JBEAP-8.1:eap8-yasson-0:3.0.4-2.redhat_00004.1.el8eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.eclipse.jgit: XXE vulnerability in Eclipse JGit"
}
]
}
RHSA-2025:23487
Vulnerability from csaf_redhat - Published: 2025-12-17 13:41 - Updated: 2026-03-18 16:08Summary
Red Hat Security Advisory: Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.12 security update.
Notes
Topic
An update for Openshift Jenkins is now available for Red Hat OpenShift Developer Tools - OpenShift Jenkins 4.12.
Details
Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.12 security update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Openshift Jenkins is now available for Red Hat OpenShift Developer Tools - OpenShift Jenkins 4.12.",
"title": "Topic"
},
{
"category": "general",
"text": "Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.12 security update.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23487",
"url": "https://access.redhat.com/errata/RHSA-2025:23487"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-4949",
"url": "https://access.redhat.com/security/cve/CVE-2025-4949"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-67635",
"url": "https://access.redhat.com/security/cve/CVE-2025-67635"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23487.json"
}
],
"title": "Red Hat Security Advisory: Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.12 security update.",
"tracking": {
"current_release_date": "2026-03-18T16:08:35+00:00",
"generator": {
"date": "2026-03-18T16:08:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2025:23487",
"initial_release_date": "2025-12-17T13:41:30+00:00",
"revision_history": [
{
"date": "2025-12-17T13:41:30+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-17T13:41:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T16:08:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services 4.12",
"product": {
"name": "OpenShift Developer Tools and Services 4.12",
"product_id": "OpenShift Developer Tools and Services 4.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.12::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Developer Tools and Services"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-agent-base-rhel8@sha256%3A2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89?arch=amd64\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.12.0-1765820400"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:30b043d6c77a18e0f3ff2e30da493588d9c7b6cc91ff887100ef869853e264f3_amd64",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:30b043d6c77a18e0f3ff2e30da493588d9c7b6cc91ff887100ef869853e264f3_amd64",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:30b043d6c77a18e0f3ff2e30da493588d9c7b6cc91ff887100ef869853e264f3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-rhel8@sha256%3A30b043d6c77a18e0f3ff2e30da493588d9c7b6cc91ff887100ef869853e264f3?arch=amd64\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.12.0-1765819949"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-agent-base-rhel8@sha256%3Acc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f?arch=arm64\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.12.0-1765820400"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-agent-base-rhel8@sha256%3Ae3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4?arch=ppc64le\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.12.0-1765820400"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-agent-base-rhel8@sha256%3Ab0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6?arch=s390x\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.12.0-1765820400"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64 as a component of OpenShift Developer Tools and Services 4.12",
"product_id": "OpenShift Developer Tools and Services 4.12:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x as a component of OpenShift Developer Tools and Services 4.12",
"product_id": "OpenShift Developer Tools and Services 4.12:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64 as a component of OpenShift Developer Tools and Services 4.12",
"product_id": "OpenShift Developer Tools and Services 4.12:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le as a component of OpenShift Developer Tools and Services 4.12",
"product_id": "OpenShift Developer Tools and Services 4.12:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:30b043d6c77a18e0f3ff2e30da493588d9c7b6cc91ff887100ef869853e264f3_amd64 as a component of OpenShift Developer Tools and Services 4.12",
"product_id": "OpenShift Developer Tools and Services 4.12:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:30b043d6c77a18e0f3ff2e30da493588d9c7b6cc91ff887100ef869853e264f3_amd64"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:30b043d6c77a18e0f3ff2e30da493588d9c7b6cc91ff887100ef869853e264f3_amd64",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4949",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2025-05-21T07:00:48.762597+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift Developer Tools and Services 4.12:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64",
"OpenShift Developer Tools and Services 4.12:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x",
"OpenShift Developer Tools and Services 4.12:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64",
"OpenShift Developer Tools and Services 4.12:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2367730"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse JGit. This vulnerability can allow information disclosure, denial of service, and other security issues when parsing XML files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.eclipse.jgit: XXE vulnerability in Eclipse JGit",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. A flaw in Eclipse JGit allows for XML External Entity (XXE) attacks when parsing specially crafted XML files. This can lead to local denial of service in affected Red Hat products that utilize JGit\u0027s ManifestParser or AmazonS3 class for git transport. The current 9.8 rating by NVD assumes a default, server-side exploitation path. However, the vulnerability resides in the experimental AmazonS3 transport class within Eclipse JGit, which is not enabled by default and requires non-standard configuration (Attack Complexity: High). Furthermore, exploitation typically occurs via client-side tools (e.g., repo) requiring active user participation (User Interaction: Required), limiting the primary risk to local Denial of Service rather than remote, unauthenticated compromise (Availability: High).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift Developer Tools and Services 4.12:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:30b043d6c77a18e0f3ff2e30da493588d9c7b6cc91ff887100ef869853e264f3_amd64"
],
"known_not_affected": [
"OpenShift Developer Tools and Services 4.12:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64",
"OpenShift Developer Tools and Services 4.12:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x",
"OpenShift Developer Tools and Services 4.12:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64",
"OpenShift Developer Tools and Services 4.12:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4949"
},
{
"category": "external",
"summary": "RHBZ#2367730",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367730"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4949",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4949"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4949",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4949"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281",
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281"
},
{
"category": "external",
"summary": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1",
"url": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1"
}
],
"release_date": "2025-05-21T06:47:19.777000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T13:41:30+00:00",
"details": "It is recommended that existing users of Red Hat OpenShift Developer Tools - OpenShift Jenkins 4.12 upgrade to the latest. This update includes a newer OpenShift client (oc) version bundled in the image. If your Jenkins pipelines require a specific oc version, configure it explicitly using the Jenkins pipeline tools directive.",
"product_ids": [
"OpenShift Developer Tools and Services 4.12:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:30b043d6c77a18e0f3ff2e30da493588d9c7b6cc91ff887100ef869853e264f3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23487"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"OpenShift Developer Tools and Services 4.12:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64",
"OpenShift Developer Tools and Services 4.12:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x",
"OpenShift Developer Tools and Services 4.12:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64",
"OpenShift Developer Tools and Services 4.12:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le",
"OpenShift Developer Tools and Services 4.12:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:30b043d6c77a18e0f3ff2e30da493588d9c7b6cc91ff887100ef869853e264f3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.eclipse.jgit: XXE vulnerability in Eclipse JGit"
},
{
"cve": "CVE-2025-67635",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"discovery_date": "2025-12-10T17:01:24.450765+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift Developer Tools and Services 4.12:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64",
"OpenShift Developer Tools and Services 4.12:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x",
"OpenShift Developer Tools and Services 4.12:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64",
"OpenShift Developer Tools and Services 4.12:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2420998"
}
],
"notes": [
{
"category": "description",
"text": "Jenkins does not properly close HTTP-based CLI connections when the connection stream becomes corrupted, allowing unauthenticated attackers to cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.jenkins-ci.main/jenkins-core: Jenkins HTTP connection mis-handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift Developer Tools and Services 4.12:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:30b043d6c77a18e0f3ff2e30da493588d9c7b6cc91ff887100ef869853e264f3_amd64"
],
"known_not_affected": [
"OpenShift Developer Tools and Services 4.12:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64",
"OpenShift Developer Tools and Services 4.12:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x",
"OpenShift Developer Tools and Services 4.12:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64",
"OpenShift Developer Tools and Services 4.12:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-67635"
},
{
"category": "external",
"summary": "RHBZ#2420998",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420998"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-67635",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-67635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67635"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2025-12-10/#SECURITY-3630",
"url": "https://www.jenkins.io/security/advisory/2025-12-10/#SECURITY-3630"
}
],
"release_date": "2025-12-10T16:50:35.491000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T13:41:30+00:00",
"details": "It is recommended that existing users of Red Hat OpenShift Developer Tools - OpenShift Jenkins 4.12 upgrade to the latest. This update includes a newer OpenShift client (oc) version bundled in the image. If your Jenkins pipelines require a specific oc version, configure it explicitly using the Jenkins pipeline tools directive.",
"product_ids": [
"OpenShift Developer Tools and Services 4.12:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:30b043d6c77a18e0f3ff2e30da493588d9c7b6cc91ff887100ef869853e264f3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23487"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"OpenShift Developer Tools and Services 4.12:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64",
"OpenShift Developer Tools and Services 4.12:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x",
"OpenShift Developer Tools and Services 4.12:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64",
"OpenShift Developer Tools and Services 4.12:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le",
"OpenShift Developer Tools and Services 4.12:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:30b043d6c77a18e0f3ff2e30da493588d9c7b6cc91ff887100ef869853e264f3_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"OpenShift Developer Tools and Services 4.12:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64",
"OpenShift Developer Tools and Services 4.12:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x",
"OpenShift Developer Tools and Services 4.12:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64",
"OpenShift Developer Tools and Services 4.12:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le",
"OpenShift Developer Tools and Services 4.12:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:30b043d6c77a18e0f3ff2e30da493588d9c7b6cc91ff887100ef869853e264f3_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.jenkins-ci.main/jenkins-core: Jenkins HTTP connection mis-handling"
}
]
}
RHSA-2025:22775
Vulnerability from csaf_redhat - Published: 2025-12-04 18:03 - Updated: 2026-03-18 16:08Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.11 security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0 for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.11 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.0.10, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 8.0.11 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* org.eclipse.jgit: XXE vulnerability in Eclipse JGit [eap-8.0.z] (CVE-2025-4949)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0 for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.11 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.0.10, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 8.0.11 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* org.eclipse.jgit: XXE vulnerability in Eclipse JGit [eap-8.0.z] (CVE-2025-4949)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:22775",
"url": "https://access.redhat.com/errata/RHSA-2025:22775"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.0",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.0"
},
{
"category": "external",
"summary": "https://access.redhat.com/articles/7120566",
"url": "https://access.redhat.com/articles/7120566"
},
{
"category": "external",
"summary": "2367730",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367730"
},
{
"category": "external",
"summary": "JBEAP-28993",
"url": "https://issues.redhat.com/browse/JBEAP-28993"
},
{
"category": "external",
"summary": "JBEAP-30584",
"url": "https://issues.redhat.com/browse/JBEAP-30584"
},
{
"category": "external",
"summary": "JBEAP-30977",
"url": "https://issues.redhat.com/browse/JBEAP-30977"
},
{
"category": "external",
"summary": "JBEAP-31001",
"url": "https://issues.redhat.com/browse/JBEAP-31001"
},
{
"category": "external",
"summary": "JBEAP-31031",
"url": "https://issues.redhat.com/browse/JBEAP-31031"
},
{
"category": "external",
"summary": "JBEAP-31074",
"url": "https://issues.redhat.com/browse/JBEAP-31074"
},
{
"category": "external",
"summary": "JBEAP-31253",
"url": "https://issues.redhat.com/browse/JBEAP-31253"
},
{
"category": "external",
"summary": "JBEAP-31260",
"url": "https://issues.redhat.com/browse/JBEAP-31260"
},
{
"category": "external",
"summary": "JBEAP-31290",
"url": "https://issues.redhat.com/browse/JBEAP-31290"
},
{
"category": "external",
"summary": "JBEAP-31339",
"url": "https://issues.redhat.com/browse/JBEAP-31339"
},
{
"category": "external",
"summary": "JBEAP-31377",
"url": "https://issues.redhat.com/browse/JBEAP-31377"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_22775.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.11 security update",
"tracking": {
"current_release_date": "2026-03-18T16:08:33+00:00",
"generator": {
"date": "2026-03-18T16:08:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2025:22775",
"initial_release_date": "2025-12-04T18:03:52+00:00",
"revision_history": [
{
"date": "2025-12-04T18:03:52+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-16T19:11:25+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T16:08:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 8.0 for RHEL 9",
"product": {
"name": "Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el9eap.src",
"product": {
"name": "eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el9eap.src",
"product_id": "eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-stax2-api@4.2.2-2.redhat_00003.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jctools-0:4.0.5-3.redhat_00002.1.el9eap.src",
"product": {
"name": "eap8-jctools-0:4.0.5-3.redhat_00002.1.el9eap.src",
"product_id": "eap8-jctools-0:4.0.5-3.redhat_00002.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jctools@4.0.5-3.redhat_00002.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el9eap.src",
"product": {
"name": "eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el9eap.src",
"product_id": "eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-servlet-api@6.0.0-6.redhat_00007.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el9eap.src",
"product": {
"name": "eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el9eap.src",
"product_id": "eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-ws-rs-api@3.1.0-5.redhat_00003.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-parsson-0:1.1.7-3.redhat_00003.1.el9eap.src",
"product": {
"name": "eap8-parsson-0:1.1.7-3.redhat_00003.1.el9eap.src",
"product_id": "eap8-parsson-0:1.1.7-3.redhat_00003.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-parsson@1.1.7-3.redhat_00003.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el9eap.src",
"product": {
"name": "eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el9eap.src",
"product_id": "eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-saaj-impl@3.0.4-2.redhat_00002.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el9eap.src",
"product": {
"name": "eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el9eap.src",
"product_id": "eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-stax-ex@2.1.0-3.redhat_00003.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el9eap.src",
"product": {
"name": "eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el9eap.src",
"product_id": "eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-xml-bind-api@4.0.2-2.redhat_00003.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el9eap.src",
"product": {
"name": "eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el9eap.src",
"product_id": "eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-activation@2.1.3-2.redhat_00002.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el9eap.src",
"product": {
"name": "eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el9eap.src",
"product_id": "eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-mail@2.1.3-3.redhat_00003.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-atinject-0:2.0.1-5.redhat_00007.1.el9eap.src",
"product": {
"name": "eap8-atinject-0:2.0.1-5.redhat_00007.1.el9eap.src",
"product_id": "eap8-atinject-0:2.0.1-5.redhat_00007.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-atinject@2.0.1-5.redhat_00007.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el9eap.src",
"product": {
"name": "eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el9eap.src",
"product_id": "eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-interceptor-api@2.1.0-5.redhat_00003.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el9eap.src",
"product": {
"name": "eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el9eap.src",
"product_id": "eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-reactive-streams@1.0.4-4.redhat_00005.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-yasson-0:3.0.4-2.redhat_00004.1.el9eap.src",
"product": {
"name": "eap8-yasson-0:3.0.4-2.redhat_00004.1.el9eap.src",
"product_id": "eap8-yasson-0:3.0.4-2.redhat_00004.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-yasson@3.0.4-2.redhat_00004.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-elytron-0:2.2.12-1.Final_redhat_00002.1.el9eap.src",
"product": {
"name": "eap8-wildfly-elytron-0:2.2.12-1.Final_redhat_00002.1.el9eap.src",
"product_id": "eap8-wildfly-elytron-0:2.2.12-1.Final_redhat_00002.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-elytron@2.2.12-1.Final_redhat_00002.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el9eap.src",
"product": {
"name": "eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el9eap.src",
"product_id": "eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-httpcomponents-core@4.4.16-6.redhat_00011.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el9eap.src",
"product": {
"name": "eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el9eap.src",
"product_id": "eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-annotation-api@2.1.1-5.redhat_00005.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el9eap.src",
"product": {
"name": "eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el9eap.src",
"product_id": "eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-validation-api@3.0.2-3.redhat_00006.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el9eap.src",
"product": {
"name": "eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el9eap.src",
"product_id": "eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-commons-io@2.16.1-2.redhat_00002.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-sun-istack-commons-0:4.1.2-2.redhat_00003.1.el9eap.src",
"product": {
"name": "eap8-sun-istack-commons-0:4.1.2-2.redhat_00003.1.el9eap.src",
"product_id": "eap8-sun-istack-commons-0:4.1.2-2.redhat_00003.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-sun-istack-commons@4.1.2-2.redhat_00003.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-hal-console-0:3.6.27-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-hal-console-0:3.6.27-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap8-hal-console-0:3.6.27-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hal-console@3.6.27-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-eap-product-conf-parent-0:800.11.0-1.GA_redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-eap-product-conf-parent-0:800.11.0-1.GA_redhat_00001.1.el9eap.src",
"product_id": "eap8-eap-product-conf-parent-0:800.11.0-1.GA_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-eap-product-conf-parent@800.11.0-1.GA_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-0:6.2.46-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-hibernate-0:6.2.46-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap8-hibernate-0:6.2.46-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate@6.2.46-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jbossws-cxf@7.3.6-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el9eap.src",
"product": {
"name": "eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el9eap.src",
"product_id": "eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-eclipse-jgit@6.10.1.202505221210-1.r_redhat_00002.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-validator-0:8.0.2-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-hibernate-validator-0:8.0.2-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap8-hibernate-validator-0:8.0.2-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate-validator@8.0.2-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jboss-el-api_5.0_spec-0:4.0.2-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-jboss-el-api_5.0_spec-0:4.0.2-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap8-jboss-el-api_5.0_spec-0:4.0.2-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jboss-el-api_5.0_spec@4.0.2-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-bouncycastle-0:1.82.0-1.redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-bouncycastle-0:1.82.0-1.redhat_00001.1.el9eap.src",
"product_id": "eap8-bouncycastle-0:1.82.0-1.redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-bouncycastle@1.82.0-1.redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-0:8.0.11-1.GA_redhat_00002.1.el9eap.src",
"product": {
"name": "eap8-wildfly-0:8.0.11-1.GA_redhat_00002.1.el9eap.src",
"product_id": "eap8-wildfly-0:8.0.11-1.GA_redhat_00002.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly@8.0.11-1.GA_redhat_00002.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el9eap.src",
"product": {
"name": "eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el9eap.src",
"product_id": "eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-httpcomponents-client@4.5.14-5.redhat_00016.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el9eap.src",
"product": {
"name": "eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el9eap.src",
"product_id": "eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-reactivex-rxjava2@2.2.21-4.redhat_00003.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el9eap.src",
"product": {
"name": "eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el9eap.src",
"product_id": "eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-angus-activation@2.0.2-2.redhat_00002.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-installation-manager-api-0:1.0.3-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-installation-manager-api-0:1.0.3-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap8-installation-manager-api-0:1.0.3-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-installation-manager-api@1.0.3-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-enterprise-concurrent-0:3.0.2-1.redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-jakarta-enterprise-concurrent-0:3.0.2-1.redhat_00001.1.el9eap.src",
"product_id": "eap8-jakarta-enterprise-concurrent-0:3.0.2-1.redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-enterprise-concurrent@3.0.2-1.redhat_00001.1.el9eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el9eap.noarch",
"product_id": "eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-stax2-api@4.2.2-2.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jctools-0:4.0.5-3.redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-jctools-0:4.0.5-3.redhat_00002.1.el9eap.noarch",
"product_id": "eap8-jctools-0:4.0.5-3.redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jctools@4.0.5-3.redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jctools-core-0:4.0.5-3.redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-jctools-core-0:4.0.5-3.redhat_00002.1.el9eap.noarch",
"product_id": "eap8-jctools-core-0:4.0.5-3.redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jctools-core@4.0.5-3.redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el9eap.noarch",
"product": {
"name": "eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el9eap.noarch",
"product_id": "eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-servlet-api@6.0.0-6.redhat_00007.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el9eap.noarch",
"product_id": "eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-ws-rs-api@3.1.0-5.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-parsson-0:1.1.7-3.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap8-parsson-0:1.1.7-3.redhat_00003.1.el9eap.noarch",
"product_id": "eap8-parsson-0:1.1.7-3.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-parsson@1.1.7-3.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el9eap.noarch",
"product_id": "eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-saaj-impl@3.0.4-2.redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el9eap.noarch",
"product_id": "eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-stax-ex@2.1.0-3.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el9eap.noarch",
"product_id": "eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-xml-bind-api@4.0.2-2.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el9eap.noarch",
"product_id": "eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-activation@2.1.3-2.redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el9eap.noarch",
"product_id": "eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-mail@2.1.3-3.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-atinject-0:2.0.1-5.redhat_00007.1.el9eap.noarch",
"product": {
"name": "eap8-atinject-0:2.0.1-5.redhat_00007.1.el9eap.noarch",
"product_id": "eap8-atinject-0:2.0.1-5.redhat_00007.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-atinject@2.0.1-5.redhat_00007.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el9eap.noarch",
"product_id": "eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-interceptor-api@2.1.0-5.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el9eap.noarch",
"product": {
"name": "eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el9eap.noarch",
"product_id": "eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-reactive-streams@1.0.4-4.redhat_00005.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-yasson-0:3.0.4-2.redhat_00004.1.el9eap.noarch",
"product": {
"name": "eap8-yasson-0:3.0.4-2.redhat_00004.1.el9eap.noarch",
"product_id": "eap8-yasson-0:3.0.4-2.redhat_00004.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-yasson@3.0.4-2.redhat_00004.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-elytron-0:2.2.12-1.Final_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-elytron-0:2.2.12-1.Final_redhat_00002.1.el9eap.noarch",
"product_id": "eap8-wildfly-elytron-0:2.2.12-1.Final_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-elytron@2.2.12-1.Final_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-elytron-tool-0:2.2.12-1.Final_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-elytron-tool-0:2.2.12-1.Final_redhat_00002.1.el9eap.noarch",
"product_id": "eap8-wildfly-elytron-tool-0:2.2.12-1.Final_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-elytron-tool@2.2.12-1.Final_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el9eap.noarch",
"product": {
"name": "eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el9eap.noarch",
"product_id": "eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-httpcomponents-core@4.4.16-6.redhat_00011.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el9eap.noarch",
"product": {
"name": "eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el9eap.noarch",
"product_id": "eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-annotation-api@2.1.1-5.redhat_00005.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el9eap.noarch",
"product": {
"name": "eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el9eap.noarch",
"product_id": "eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-validation-api@3.0.2-3.redhat_00006.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el9eap.noarch",
"product_id": "eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-commons-io@2.16.1-2.redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-istack-commons-runtime-0:4.1.2-2.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap8-istack-commons-runtime-0:4.1.2-2.redhat_00003.1.el9eap.noarch",
"product_id": "eap8-istack-commons-runtime-0:4.1.2-2.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-istack-commons-runtime@4.1.2-2.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-istack-commons-tools-0:4.1.2-2.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap8-istack-commons-tools-0:4.1.2-2.redhat_00003.1.el9eap.noarch",
"product_id": "eap8-istack-commons-tools-0:4.1.2-2.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-istack-commons-tools@4.1.2-2.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-sun-istack-commons-0:4.1.2-2.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap8-sun-istack-commons-0:4.1.2-2.redhat_00003.1.el9eap.noarch",
"product_id": "eap8-sun-istack-commons-0:4.1.2-2.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-sun-istack-commons@4.1.2-2.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hal-console-0:3.6.27-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-hal-console-0:3.6.27-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-hal-console-0:3.6.27-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hal-console@3.6.27-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-eap-product-conf-parent-0:800.11.0-1.GA_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-eap-product-conf-parent-0:800.11.0-1.GA_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-eap-product-conf-parent-0:800.11.0-1.GA_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-eap-product-conf-parent@800.11.0-1.GA_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.11.0-1.GA_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.11.0-1.GA_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.11.0-1.GA_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-eap-product-conf-wildfly-ee-feature-pack@800.11.0-1.GA_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-0:6.2.46-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-hibernate-0:6.2.46-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-hibernate-0:6.2.46-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate@6.2.46-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-core-0:6.2.46-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-hibernate-core-0:6.2.46-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-hibernate-core-0:6.2.46-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate-core@6.2.46-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-envers-0:6.2.46-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-hibernate-envers-0:6.2.46-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-hibernate-envers-0:6.2.46-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate-envers@6.2.46-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jbossws-cxf@7.3.6-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el9eap.noarch",
"product_id": "eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-eclipse-jgit@6.10.1.202505221210-1.r_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-validator-0:8.0.2-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-hibernate-validator-0:8.0.2-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-hibernate-validator-0:8.0.2-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate-validator@8.0.2-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-validator-cdi-0:8.0.2-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-hibernate-validator-cdi-0:8.0.2-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-hibernate-validator-cdi-0:8.0.2-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate-validator-cdi@8.0.2-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jboss-el-api_5.0_spec-0:4.0.2-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-jboss-el-api_5.0_spec-0:4.0.2-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-jboss-el-api_5.0_spec-0:4.0.2-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jboss-el-api_5.0_spec@4.0.2-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-bouncycastle-0:1.82.0-1.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-bouncycastle-0:1.82.0-1.redhat_00001.1.el9eap.noarch",
"product_id": "eap8-bouncycastle-0:1.82.0-1.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-bouncycastle@1.82.0-1.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-bouncycastle-jmail-0:1.82.0-1.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-bouncycastle-jmail-0:1.82.0-1.redhat_00001.1.el9eap.noarch",
"product_id": "eap8-bouncycastle-jmail-0:1.82.0-1.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-bouncycastle-jmail@1.82.0-1.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-bouncycastle-pg-0:1.82.0-1.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-bouncycastle-pg-0:1.82.0-1.redhat_00001.1.el9eap.noarch",
"product_id": "eap8-bouncycastle-pg-0:1.82.0-1.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-bouncycastle-pg@1.82.0-1.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-bouncycastle-pkix-0:1.82.0-1.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-bouncycastle-pkix-0:1.82.0-1.redhat_00001.1.el9eap.noarch",
"product_id": "eap8-bouncycastle-pkix-0:1.82.0-1.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-bouncycastle-pkix@1.82.0-1.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-bouncycastle-prov-0:1.82.0-1.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-bouncycastle-prov-0:1.82.0-1.redhat_00001.1.el9eap.noarch",
"product_id": "eap8-bouncycastle-prov-0:1.82.0-1.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-bouncycastle-prov@1.82.0-1.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-bouncycastle-util-0:1.82.0-1.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-bouncycastle-util-0:1.82.0-1.redhat_00001.1.el9eap.noarch",
"product_id": "eap8-bouncycastle-util-0:1.82.0-1.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-bouncycastle-util@1.82.0-1.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-0:8.0.11-1.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-0:8.0.11-1.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap8-wildfly-0:8.0.11-1.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly@8.0.11-1.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-java-jdk11-0:8.0.11-1.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-java-jdk11-0:8.0.11-1.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap8-wildfly-java-jdk11-0:8.0.11-1.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-java-jdk11@8.0.11-1.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-java-jdk17-0:8.0.11-1.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-java-jdk17-0:8.0.11-1.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap8-wildfly-java-jdk17-0:8.0.11-1.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-java-jdk17@8.0.11-1.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-java-jdk21-0:8.0.11-1.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-java-jdk21-0:8.0.11-1.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap8-wildfly-java-jdk21-0:8.0.11-1.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-java-jdk21@8.0.11-1.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-modules-0:8.0.11-1.GA_redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-modules-0:8.0.11-1.GA_redhat_00002.1.el9eap.noarch",
"product_id": "eap8-wildfly-modules-0:8.0.11-1.GA_redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-modules@8.0.11-1.GA_redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el9eap.noarch",
"product": {
"name": "eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el9eap.noarch",
"product_id": "eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-httpcomponents-client@4.5.14-5.redhat_00016.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el9eap.noarch",
"product": {
"name": "eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el9eap.noarch",
"product_id": "eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-reactivex-rxjava2@2.2.21-4.redhat_00003.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el9eap.noarch",
"product_id": "eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-angus-activation@2.0.2-2.redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-installation-manager-api-0:1.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-installation-manager-api-0:1.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-installation-manager-api-0:1.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-installation-manager-api@1.0.3-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jakarta-enterprise-concurrent-0:3.0.2-1.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-jakarta-enterprise-concurrent-0:3.0.2-1.redhat_00001.1.el9eap.noarch",
"product_id": "eap8-jakarta-enterprise-concurrent-0:3.0.2-1.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jakarta-enterprise-concurrent@3.0.2-1.redhat_00001.1.el9eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el9eap.src"
},
"product_reference": "eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el9eap.src"
},
"product_reference": "eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-atinject-0:2.0.1-5.redhat_00007.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-atinject-0:2.0.1-5.redhat_00007.1.el9eap.noarch"
},
"product_reference": "eap8-atinject-0:2.0.1-5.redhat_00007.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-atinject-0:2.0.1-5.redhat_00007.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-atinject-0:2.0.1-5.redhat_00007.1.el9eap.src"
},
"product_reference": "eap8-atinject-0:2.0.1-5.redhat_00007.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-bouncycastle-0:1.82.0-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-bouncycastle-0:1.82.0-1.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-bouncycastle-0:1.82.0-1.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-bouncycastle-0:1.82.0-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-bouncycastle-0:1.82.0-1.redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-bouncycastle-0:1.82.0-1.redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-bouncycastle-jmail-0:1.82.0-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-bouncycastle-jmail-0:1.82.0-1.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-bouncycastle-jmail-0:1.82.0-1.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-bouncycastle-pg-0:1.82.0-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-bouncycastle-pg-0:1.82.0-1.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-bouncycastle-pg-0:1.82.0-1.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-bouncycastle-pkix-0:1.82.0-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-bouncycastle-pkix-0:1.82.0-1.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-bouncycastle-pkix-0:1.82.0-1.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-bouncycastle-prov-0:1.82.0-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-bouncycastle-prov-0:1.82.0-1.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-bouncycastle-prov-0:1.82.0-1.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-bouncycastle-util-0:1.82.0-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-bouncycastle-util-0:1.82.0-1.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-bouncycastle-util-0:1.82.0-1.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-eap-product-conf-parent-0:800.11.0-1.GA_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.11.0-1.GA_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-eap-product-conf-parent-0:800.11.0-1.GA_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-eap-product-conf-parent-0:800.11.0-1.GA_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.11.0-1.GA_redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-eap-product-conf-parent-0:800.11.0-1.GA_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.11.0-1.GA_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.11.0-1.GA_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.11.0-1.GA_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el9eap.src"
},
"product_reference": "eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hal-console-0:3.6.27-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-hal-console-0:3.6.27-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-hal-console-0:3.6.27-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hal-console-0:3.6.27-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-hal-console-0:3.6.27-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-hal-console-0:3.6.27-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-0:6.2.46-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-hibernate-0:6.2.46-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-hibernate-0:6.2.46-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-0:6.2.46-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-hibernate-0:6.2.46-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-hibernate-0:6.2.46-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-core-0:6.2.46-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.46-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-hibernate-core-0:6.2.46-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-envers-0:6.2.46-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.46-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-hibernate-envers-0:6.2.46-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-validator-0:8.0.2-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-hibernate-validator-0:8.0.2-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-hibernate-validator-0:8.0.2-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-validator-0:8.0.2-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-hibernate-validator-0:8.0.2-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-hibernate-validator-0:8.0.2-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-validator-cdi-0:8.0.2-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-hibernate-validator-cdi-0:8.0.2-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-hibernate-validator-cdi-0:8.0.2-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el9eap.noarch"
},
"product_reference": "eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el9eap.src"
},
"product_reference": "eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el9eap.noarch"
},
"product_reference": "eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el9eap.src"
},
"product_reference": "eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-installation-manager-api-0:1.0.3-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-installation-manager-api-0:1.0.3-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-installation-manager-api-0:1.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-installation-manager-api-0:1.0.3-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-installation-manager-api-0:1.0.3-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-installation-manager-api-0:1.0.3-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-istack-commons-runtime-0:4.1.2-2.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-istack-commons-runtime-0:4.1.2-2.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap8-istack-commons-runtime-0:4.1.2-2.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-istack-commons-tools-0:4.1.2-2.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-istack-commons-tools-0:4.1.2-2.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap8-istack-commons-tools-0:4.1.2-2.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el9eap.src"
},
"product_reference": "eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el9eap.noarch"
},
"product_reference": "eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el9eap.src"
},
"product_reference": "eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-enterprise-concurrent-0:3.0.2-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-jakarta-enterprise-concurrent-0:3.0.2-1.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-jakarta-enterprise-concurrent-0:3.0.2-1.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-enterprise-concurrent-0:3.0.2-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-jakarta-enterprise-concurrent-0:3.0.2-1.redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-jakarta-enterprise-concurrent-0:3.0.2-1.redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el9eap.src"
},
"product_reference": "eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el9eap.src"
},
"product_reference": "eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el9eap.noarch"
},
"product_reference": "eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el9eap.src"
},
"product_reference": "eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el9eap.noarch"
},
"product_reference": "eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el9eap.src"
},
"product_reference": "eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el9eap.src"
},
"product_reference": "eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el9eap.src"
},
"product_reference": "eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jboss-el-api_5.0_spec-0:4.0.2-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-jboss-el-api_5.0_spec-0:4.0.2-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-jboss-el-api_5.0_spec-0:4.0.2-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jboss-el-api_5.0_spec-0:4.0.2-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-jboss-el-api_5.0_spec-0:4.0.2-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-jboss-el-api_5.0_spec-0:4.0.2-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jctools-0:4.0.5-3.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-jctools-0:4.0.5-3.redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-jctools-0:4.0.5-3.redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jctools-0:4.0.5-3.redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-jctools-0:4.0.5-3.redhat_00002.1.el9eap.src"
},
"product_reference": "eap8-jctools-0:4.0.5-3.redhat_00002.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jctools-core-0:4.0.5-3.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-jctools-core-0:4.0.5-3.redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-jctools-core-0:4.0.5-3.redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-parsson-0:1.1.7-3.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-parsson-0:1.1.7-3.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap8-parsson-0:1.1.7-3.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-parsson-0:1.1.7-3.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-parsson-0:1.1.7-3.redhat_00003.1.el9eap.src"
},
"product_reference": "eap8-parsson-0:1.1.7-3.redhat_00003.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el9eap.noarch"
},
"product_reference": "eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el9eap.src"
},
"product_reference": "eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el9eap.src"
},
"product_reference": "eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el9eap.src"
},
"product_reference": "eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el9eap.src"
},
"product_reference": "eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el9eap.src"
},
"product_reference": "eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-sun-istack-commons-0:4.1.2-2.redhat_00003.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-sun-istack-commons-0:4.1.2-2.redhat_00003.1.el9eap.noarch"
},
"product_reference": "eap8-sun-istack-commons-0:4.1.2-2.redhat_00003.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-sun-istack-commons-0:4.1.2-2.redhat_00003.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-sun-istack-commons-0:4.1.2-2.redhat_00003.1.el9eap.src"
},
"product_reference": "eap8-sun-istack-commons-0:4.1.2-2.redhat_00003.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-0:8.0.11-1.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.11-1.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-0:8.0.11-1.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-0:8.0.11-1.GA_redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.11-1.GA_redhat_00002.1.el9eap.src"
},
"product_reference": "eap8-wildfly-0:8.0.11-1.GA_redhat_00002.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-elytron-0:2.2.12-1.Final_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.12-1.Final_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-elytron-0:2.2.12-1.Final_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-elytron-0:2.2.12-1.Final_redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.12-1.Final_redhat_00002.1.el9eap.src"
},
"product_reference": "eap8-wildfly-elytron-0:2.2.12-1.Final_redhat_00002.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-elytron-tool-0:2.2.12-1.Final_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.12-1.Final_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-elytron-tool-0:2.2.12-1.Final_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-java-jdk11-0:8.0.11-1.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.11-1.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-java-jdk11-0:8.0.11-1.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-java-jdk17-0:8.0.11-1.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.11-1.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-java-jdk17-0:8.0.11-1.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-java-jdk21-0:8.0.11-1.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.11-1.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-java-jdk21-0:8.0.11-1.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-modules-0:8.0.11-1.GA_redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.11-1.GA_redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-modules-0:8.0.11-1.GA_redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-yasson-0:3.0.4-2.redhat_00004.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-yasson-0:3.0.4-2.redhat_00004.1.el9eap.noarch"
},
"product_reference": "eap8-yasson-0:3.0.4-2.redhat_00004.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-yasson-0:3.0.4-2.redhat_00004.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-yasson-0:3.0.4-2.redhat_00004.1.el9eap.src"
},
"product_reference": "eap8-yasson-0:3.0.4-2.redhat_00004.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4949",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2025-05-21T07:00:48.762597+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2367730"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse JGit. This vulnerability can allow information disclosure, denial of service, and other security issues when parsing XML files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.eclipse.jgit: XXE vulnerability in Eclipse JGit",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. A flaw in Eclipse JGit allows for XML External Entity (XXE) attacks when parsing specially crafted XML files. This can lead to local denial of service in affected Red Hat products that utilize JGit\u0027s ManifestParser or AmazonS3 class for git transport. The current 9.8 rating by NVD assumes a default, server-side exploitation path. However, the vulnerability resides in the experimental AmazonS3 transport class within Eclipse JGit, which is not enabled by default and requires non-standard configuration (Attack Complexity: High). Furthermore, exploitation typically occurs via client-side tools (e.g., repo) requiring active user participation (User Interaction: Required), limiting the primary risk to local Denial of Service rather than remote, unauthenticated compromise (Availability: High).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-8.0:eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-atinject-0:2.0.1-5.redhat_00007.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-atinject-0:2.0.1-5.redhat_00007.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-bouncycastle-0:1.82.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-bouncycastle-0:1.82.0-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-bouncycastle-jmail-0:1.82.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-bouncycastle-pg-0:1.82.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-bouncycastle-pkix-0:1.82.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-bouncycastle-prov-0:1.82.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-bouncycastle-util-0:1.82.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.11.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.11.0-1.GA_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.11.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.46-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.46-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.46-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.46-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-validator-0:8.0.2-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-validator-0:8.0.2-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-validator-cdi-0:8.0.2-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-installation-manager-api-0:1.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-installation-manager-api-0:1.0.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-istack-commons-runtime-0:4.1.2-2.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-istack-commons-tools-0:4.1.2-2.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jakarta-enterprise-concurrent-0:3.0.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jakarta-enterprise-concurrent-0:3.0.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jboss-el-api_5.0_spec-0:4.0.2-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jboss-el-api_5.0_spec-0:4.0.2-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jctools-0:4.0.5-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jctools-0:4.0.5-3.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jctools-core-0:4.0.5-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-parsson-0:1.1.7-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-parsson-0:1.1.7-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-sun-istack-commons-0:4.1.2-2.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-sun-istack-commons-0:4.1.2-2.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.11-1.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.11-1.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.12-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.12-1.Final_redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.12-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.11-1.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.11-1.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.11-1.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.11-1.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-yasson-0:3.0.4-2.redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-yasson-0:3.0.4-2.redhat_00004.1.el9eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4949"
},
{
"category": "external",
"summary": "RHBZ#2367730",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367730"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4949",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4949"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4949",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4949"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281",
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281"
},
{
"category": "external",
"summary": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1",
"url": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1"
}
],
"release_date": "2025-05-21T06:47:19.777000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T18:03:52+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-8.0:eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-atinject-0:2.0.1-5.redhat_00007.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-atinject-0:2.0.1-5.redhat_00007.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-bouncycastle-0:1.82.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-bouncycastle-0:1.82.0-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-bouncycastle-jmail-0:1.82.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-bouncycastle-pg-0:1.82.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-bouncycastle-pkix-0:1.82.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-bouncycastle-prov-0:1.82.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-bouncycastle-util-0:1.82.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.11.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.11.0-1.GA_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.11.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.46-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.46-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.46-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.46-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-validator-0:8.0.2-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-validator-0:8.0.2-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-validator-cdi-0:8.0.2-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-installation-manager-api-0:1.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-installation-manager-api-0:1.0.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-istack-commons-runtime-0:4.1.2-2.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-istack-commons-tools-0:4.1.2-2.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jakarta-enterprise-concurrent-0:3.0.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jakarta-enterprise-concurrent-0:3.0.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jboss-el-api_5.0_spec-0:4.0.2-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jboss-el-api_5.0_spec-0:4.0.2-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jctools-0:4.0.5-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jctools-0:4.0.5-3.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jctools-core-0:4.0.5-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-parsson-0:1.1.7-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-parsson-0:1.1.7-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-sun-istack-commons-0:4.1.2-2.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-sun-istack-commons-0:4.1.2-2.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.11-1.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.11-1.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.12-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.12-1.Final_redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.12-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.11-1.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.11-1.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.11-1.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.11-1.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-yasson-0:3.0.4-2.redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-yasson-0:3.0.4-2.redhat_00004.1.el9eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22775"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-8.0:eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-angus-activation-0:2.0.2-2.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-io-0:2.16.1-2.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-atinject-0:2.0.1-5.redhat_00007.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-atinject-0:2.0.1-5.redhat_00007.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-bouncycastle-0:1.82.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-bouncycastle-0:1.82.0-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-bouncycastle-jmail-0:1.82.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-bouncycastle-pg-0:1.82.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-bouncycastle-pkix-0:1.82.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-bouncycastle-prov-0:1.82.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-bouncycastle-util-0:1.82.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.11.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.11.0-1.GA_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.11.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eclipse-jgit-0:6.10.1.202505221210-1.r_redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.27-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.27-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.46-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.46-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.46-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.46-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-validator-0:8.0.2-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-validator-0:8.0.2-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-validator-cdi-0:8.0.2-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-client-0:4.5.14-5.redhat_00016.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-core-0:4.4.16-6.redhat_00011.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-installation-manager-api-0:1.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-installation-manager-api-0:1.0.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-istack-commons-runtime-0:4.1.2-2.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-istack-commons-tools-0:4.1.2-2.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jakarta-activation-0:2.1.3-2.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jakarta-annotation-api-0:2.1.1-5.redhat_00005.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jakarta-enterprise-concurrent-0:3.0.2-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jakarta-enterprise-concurrent-0:3.0.2-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jakarta-interceptor-api-0:2.1.0-5.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jakarta-mail-0:2.1.3-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jakarta-servlet-api-0:6.0.0-6.redhat_00007.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jakarta-validation-api-0:3.0.2-3.redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jakarta-ws-rs-api-0:3.1.0-5.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jakarta-xml-bind-api-0:4.0.2-2.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jboss-el-api_5.0_spec-0:4.0.2-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jboss-el-api_5.0_spec-0:4.0.2-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jctools-0:4.0.5-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jctools-0:4.0.5-3.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jctools-core-0:4.0.5-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-parsson-0:1.1.7-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-parsson-0:1.1.7-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-reactive-streams-0:1.0.4-4.redhat_00005.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-4.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-saaj-impl-0:3.0.4-2.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-stax-ex-0:2.1.0-3.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-stax2-api-0:4.2.2-2.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-sun-istack-commons-0:4.1.2-2.redhat_00003.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-sun-istack-commons-0:4.1.2-2.redhat_00003.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.11-1.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.11-1.GA_redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.12-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.12-1.Final_redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.12-1.Final_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.11-1.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.11-1.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.11-1.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.11-1.GA_redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-yasson-0:3.0.4-2.redhat_00004.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-yasson-0:3.0.4-2.redhat_00004.1.el9eap.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.eclipse.jgit: XXE vulnerability in Eclipse JGit"
}
]
}
RHSA-2025:23485
Vulnerability from csaf_redhat - Published: 2025-12-17 13:41 - Updated: 2026-03-18 16:08Summary
Red Hat Security Advisory: Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.14 security update.
Notes
Topic
An update for Openshift Jenkins is now available for Red Hat OpenShift Developer Tools - OpenShift Jenkins 4.14.
Details
Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.14 security update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Openshift Jenkins is now available for Red Hat OpenShift Developer Tools - OpenShift Jenkins 4.14.",
"title": "Topic"
},
{
"category": "general",
"text": "Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.14 security update.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23485",
"url": "https://access.redhat.com/errata/RHSA-2025:23485"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-4949",
"url": "https://access.redhat.com/security/cve/CVE-2025-4949"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-67635",
"url": "https://access.redhat.com/security/cve/CVE-2025-67635"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23485.json"
}
],
"title": "Red Hat Security Advisory: Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.14 security update.",
"tracking": {
"current_release_date": "2026-03-18T16:08:35+00:00",
"generator": {
"date": "2026-03-18T16:08:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2025:23485",
"initial_release_date": "2025-12-17T13:41:11+00:00",
"revision_history": [
{
"date": "2025-12-17T13:41:11+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-17T13:41:19+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T16:08:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services 4.14",
"product": {
"name": "OpenShift Developer Tools and Services 4.14",
"product_id": "OpenShift Developer Tools and Services 4.14",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.14::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Developer Tools and Services"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-agent-base-rhel8@sha256%3A2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89?arch=amd64\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.14.0-1765820400"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:27db4f7a070211cfe9a0383cf784a664fcbe3a82605611f9f9d8c99cf93c31aa_amd64",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:27db4f7a070211cfe9a0383cf784a664fcbe3a82605611f9f9d8c99cf93c31aa_amd64",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:27db4f7a070211cfe9a0383cf784a664fcbe3a82605611f9f9d8c99cf93c31aa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-rhel8@sha256%3A27db4f7a070211cfe9a0383cf784a664fcbe3a82605611f9f9d8c99cf93c31aa?arch=amd64\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.14.0-1765820005"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-agent-base-rhel8@sha256%3Acc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f?arch=arm64\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.14.0-1765820400"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:feffbd0107486c090d01b1b39a7b559642074d8251962cd3c0e15f6f0c3a21e5_arm64",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:feffbd0107486c090d01b1b39a7b559642074d8251962cd3c0e15f6f0c3a21e5_arm64",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:feffbd0107486c090d01b1b39a7b559642074d8251962cd3c0e15f6f0c3a21e5_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-rhel8@sha256%3Afeffbd0107486c090d01b1b39a7b559642074d8251962cd3c0e15f6f0c3a21e5?arch=arm64\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.14.0-1765820005"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-agent-base-rhel8@sha256%3Ae3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4?arch=ppc64le\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.14.0-1765820400"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:f65d9a4294ddd451e0b55424085cd650591f4c72e01d931f384af4c844ec3a9b_ppc64le",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:f65d9a4294ddd451e0b55424085cd650591f4c72e01d931f384af4c844ec3a9b_ppc64le",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:f65d9a4294ddd451e0b55424085cd650591f4c72e01d931f384af4c844ec3a9b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-rhel8@sha256%3Af65d9a4294ddd451e0b55424085cd650591f4c72e01d931f384af4c844ec3a9b?arch=ppc64le\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.14.0-1765820005"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-agent-base-rhel8@sha256%3Ab0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6?arch=s390x\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.14.0-1765820400"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:5725ed192b1a3ca65c9087d2a56636ef31a6523549199d3a10c9a264f9137a0c_s390x",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:5725ed192b1a3ca65c9087d2a56636ef31a6523549199d3a10c9a264f9137a0c_s390x",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:5725ed192b1a3ca65c9087d2a56636ef31a6523549199d3a10c9a264f9137a0c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-rhel8@sha256%3A5725ed192b1a3ca65c9087d2a56636ef31a6523549199d3a10c9a264f9137a0c?arch=s390x\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.14.0-1765820005"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64 as a component of OpenShift Developer Tools and Services 4.14",
"product_id": "OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x as a component of OpenShift Developer Tools and Services 4.14",
"product_id": "OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64 as a component of OpenShift Developer Tools and Services 4.14",
"product_id": "OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le as a component of OpenShift Developer Tools and Services 4.14",
"product_id": "OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:27db4f7a070211cfe9a0383cf784a664fcbe3a82605611f9f9d8c99cf93c31aa_amd64 as a component of OpenShift Developer Tools and Services 4.14",
"product_id": "OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:27db4f7a070211cfe9a0383cf784a664fcbe3a82605611f9f9d8c99cf93c31aa_amd64"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:27db4f7a070211cfe9a0383cf784a664fcbe3a82605611f9f9d8c99cf93c31aa_amd64",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:5725ed192b1a3ca65c9087d2a56636ef31a6523549199d3a10c9a264f9137a0c_s390x as a component of OpenShift Developer Tools and Services 4.14",
"product_id": "OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:5725ed192b1a3ca65c9087d2a56636ef31a6523549199d3a10c9a264f9137a0c_s390x"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:5725ed192b1a3ca65c9087d2a56636ef31a6523549199d3a10c9a264f9137a0c_s390x",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:f65d9a4294ddd451e0b55424085cd650591f4c72e01d931f384af4c844ec3a9b_ppc64le as a component of OpenShift Developer Tools and Services 4.14",
"product_id": "OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:f65d9a4294ddd451e0b55424085cd650591f4c72e01d931f384af4c844ec3a9b_ppc64le"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:f65d9a4294ddd451e0b55424085cd650591f4c72e01d931f384af4c844ec3a9b_ppc64le",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:feffbd0107486c090d01b1b39a7b559642074d8251962cd3c0e15f6f0c3a21e5_arm64 as a component of OpenShift Developer Tools and Services 4.14",
"product_id": "OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:feffbd0107486c090d01b1b39a7b559642074d8251962cd3c0e15f6f0c3a21e5_arm64"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:feffbd0107486c090d01b1b39a7b559642074d8251962cd3c0e15f6f0c3a21e5_arm64",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.14"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4949",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2025-05-21T07:00:48.762597+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64",
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x",
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64",
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2367730"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse JGit. This vulnerability can allow information disclosure, denial of service, and other security issues when parsing XML files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.eclipse.jgit: XXE vulnerability in Eclipse JGit",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. A flaw in Eclipse JGit allows for XML External Entity (XXE) attacks when parsing specially crafted XML files. This can lead to local denial of service in affected Red Hat products that utilize JGit\u0027s ManifestParser or AmazonS3 class for git transport. The current 9.8 rating by NVD assumes a default, server-side exploitation path. However, the vulnerability resides in the experimental AmazonS3 transport class within Eclipse JGit, which is not enabled by default and requires non-standard configuration (Attack Complexity: High). Furthermore, exploitation typically occurs via client-side tools (e.g., repo) requiring active user participation (User Interaction: Required), limiting the primary risk to local Denial of Service rather than remote, unauthenticated compromise (Availability: High).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:27db4f7a070211cfe9a0383cf784a664fcbe3a82605611f9f9d8c99cf93c31aa_amd64",
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:5725ed192b1a3ca65c9087d2a56636ef31a6523549199d3a10c9a264f9137a0c_s390x",
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:f65d9a4294ddd451e0b55424085cd650591f4c72e01d931f384af4c844ec3a9b_ppc64le",
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:feffbd0107486c090d01b1b39a7b559642074d8251962cd3c0e15f6f0c3a21e5_arm64"
],
"known_not_affected": [
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64",
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x",
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64",
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4949"
},
{
"category": "external",
"summary": "RHBZ#2367730",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367730"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4949",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4949"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4949",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4949"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281",
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281"
},
{
"category": "external",
"summary": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1",
"url": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1"
}
],
"release_date": "2025-05-21T06:47:19.777000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T13:41:11+00:00",
"details": "It is recommended that existing users of Red Hat OpenShift Developer Tools - OpenShift Jenkins 4.14 upgrade to the latest. This update includes a newer OpenShift client (oc) version bundled in the image. If your Jenkins pipelines require a specific oc version, configure it explicitly using the Jenkins pipeline tools directive.",
"product_ids": [
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:27db4f7a070211cfe9a0383cf784a664fcbe3a82605611f9f9d8c99cf93c31aa_amd64",
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:5725ed192b1a3ca65c9087d2a56636ef31a6523549199d3a10c9a264f9137a0c_s390x",
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:f65d9a4294ddd451e0b55424085cd650591f4c72e01d931f384af4c844ec3a9b_ppc64le",
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:feffbd0107486c090d01b1b39a7b559642074d8251962cd3c0e15f6f0c3a21e5_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23485"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64",
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x",
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64",
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le",
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:27db4f7a070211cfe9a0383cf784a664fcbe3a82605611f9f9d8c99cf93c31aa_amd64",
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:5725ed192b1a3ca65c9087d2a56636ef31a6523549199d3a10c9a264f9137a0c_s390x",
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:f65d9a4294ddd451e0b55424085cd650591f4c72e01d931f384af4c844ec3a9b_ppc64le",
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:feffbd0107486c090d01b1b39a7b559642074d8251962cd3c0e15f6f0c3a21e5_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.eclipse.jgit: XXE vulnerability in Eclipse JGit"
},
{
"cve": "CVE-2025-67635",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"discovery_date": "2025-12-10T17:01:24.450765+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64",
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x",
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64",
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2420998"
}
],
"notes": [
{
"category": "description",
"text": "Jenkins does not properly close HTTP-based CLI connections when the connection stream becomes corrupted, allowing unauthenticated attackers to cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.jenkins-ci.main/jenkins-core: Jenkins HTTP connection mis-handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:27db4f7a070211cfe9a0383cf784a664fcbe3a82605611f9f9d8c99cf93c31aa_amd64",
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:5725ed192b1a3ca65c9087d2a56636ef31a6523549199d3a10c9a264f9137a0c_s390x",
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:f65d9a4294ddd451e0b55424085cd650591f4c72e01d931f384af4c844ec3a9b_ppc64le",
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:feffbd0107486c090d01b1b39a7b559642074d8251962cd3c0e15f6f0c3a21e5_arm64"
],
"known_not_affected": [
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64",
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x",
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64",
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-67635"
},
{
"category": "external",
"summary": "RHBZ#2420998",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420998"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-67635",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-67635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67635"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2025-12-10/#SECURITY-3630",
"url": "https://www.jenkins.io/security/advisory/2025-12-10/#SECURITY-3630"
}
],
"release_date": "2025-12-10T16:50:35.491000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T13:41:11+00:00",
"details": "It is recommended that existing users of Red Hat OpenShift Developer Tools - OpenShift Jenkins 4.14 upgrade to the latest. This update includes a newer OpenShift client (oc) version bundled in the image. If your Jenkins pipelines require a specific oc version, configure it explicitly using the Jenkins pipeline tools directive.",
"product_ids": [
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:27db4f7a070211cfe9a0383cf784a664fcbe3a82605611f9f9d8c99cf93c31aa_amd64",
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:5725ed192b1a3ca65c9087d2a56636ef31a6523549199d3a10c9a264f9137a0c_s390x",
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:f65d9a4294ddd451e0b55424085cd650591f4c72e01d931f384af4c844ec3a9b_ppc64le",
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:feffbd0107486c090d01b1b39a7b559642074d8251962cd3c0e15f6f0c3a21e5_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23485"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64",
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x",
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64",
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le",
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:27db4f7a070211cfe9a0383cf784a664fcbe3a82605611f9f9d8c99cf93c31aa_amd64",
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:5725ed192b1a3ca65c9087d2a56636ef31a6523549199d3a10c9a264f9137a0c_s390x",
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:f65d9a4294ddd451e0b55424085cd650591f4c72e01d931f384af4c844ec3a9b_ppc64le",
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:feffbd0107486c090d01b1b39a7b559642074d8251962cd3c0e15f6f0c3a21e5_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64",
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x",
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64",
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le",
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:27db4f7a070211cfe9a0383cf784a664fcbe3a82605611f9f9d8c99cf93c31aa_amd64",
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:5725ed192b1a3ca65c9087d2a56636ef31a6523549199d3a10c9a264f9137a0c_s390x",
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:f65d9a4294ddd451e0b55424085cd650591f4c72e01d931f384af4c844ec3a9b_ppc64le",
"OpenShift Developer Tools and Services 4.14:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:feffbd0107486c090d01b1b39a7b559642074d8251962cd3c0e15f6f0c3a21e5_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.jenkins-ci.main/jenkins-core: Jenkins HTTP connection mis-handling"
}
]
}
RHSA-2025:23486
Vulnerability from csaf_redhat - Published: 2025-12-17 13:41 - Updated: 2026-03-18 16:08Summary
Red Hat Security Advisory: Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.15 security update.
Notes
Topic
An update for Openshift Jenkins is now available for Red Hat OpenShift Developer Tools - OpenShift Jenkins 4.15.
Details
Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.15 security update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Openshift Jenkins is now available for Red Hat OpenShift Developer Tools - OpenShift Jenkins 4.15.",
"title": "Topic"
},
{
"category": "general",
"text": "Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.15 security update.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23486",
"url": "https://access.redhat.com/errata/RHSA-2025:23486"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-4949",
"url": "https://access.redhat.com/security/cve/CVE-2025-4949"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-67635",
"url": "https://access.redhat.com/security/cve/CVE-2025-67635"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23486.json"
}
],
"title": "Red Hat Security Advisory: Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.15 security update.",
"tracking": {
"current_release_date": "2026-03-18T16:08:35+00:00",
"generator": {
"date": "2026-03-18T16:08:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2025:23486",
"initial_release_date": "2025-12-17T13:41:25+00:00",
"revision_history": [
{
"date": "2025-12-17T13:41:25+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-17T13:41:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T16:08:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services 4.15",
"product": {
"name": "OpenShift Developer Tools and Services 4.15",
"product_id": "OpenShift Developer Tools and Services 4.15",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.15::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Developer Tools and Services"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-agent-base-rhel8@sha256%3A2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89?arch=amd64\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.15.0-1765820400"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:27db4f7a070211cfe9a0383cf784a664fcbe3a82605611f9f9d8c99cf93c31aa_amd64",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:27db4f7a070211cfe9a0383cf784a664fcbe3a82605611f9f9d8c99cf93c31aa_amd64",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:27db4f7a070211cfe9a0383cf784a664fcbe3a82605611f9f9d8c99cf93c31aa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-rhel8@sha256%3A27db4f7a070211cfe9a0383cf784a664fcbe3a82605611f9f9d8c99cf93c31aa?arch=amd64\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.15.0-1765820005"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-agent-base-rhel8@sha256%3Acc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f?arch=arm64\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.15.0-1765820400"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:feffbd0107486c090d01b1b39a7b559642074d8251962cd3c0e15f6f0c3a21e5_arm64",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:feffbd0107486c090d01b1b39a7b559642074d8251962cd3c0e15f6f0c3a21e5_arm64",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:feffbd0107486c090d01b1b39a7b559642074d8251962cd3c0e15f6f0c3a21e5_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-rhel8@sha256%3Afeffbd0107486c090d01b1b39a7b559642074d8251962cd3c0e15f6f0c3a21e5?arch=arm64\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.15.0-1765820005"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-agent-base-rhel8@sha256%3Ae3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4?arch=ppc64le\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.15.0-1765820400"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:f65d9a4294ddd451e0b55424085cd650591f4c72e01d931f384af4c844ec3a9b_ppc64le",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:f65d9a4294ddd451e0b55424085cd650591f4c72e01d931f384af4c844ec3a9b_ppc64le",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:f65d9a4294ddd451e0b55424085cd650591f4c72e01d931f384af4c844ec3a9b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-rhel8@sha256%3Af65d9a4294ddd451e0b55424085cd650591f4c72e01d931f384af4c844ec3a9b?arch=ppc64le\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.15.0-1765820005"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-agent-base-rhel8@sha256%3Ab0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6?arch=s390x\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.15.0-1765820400"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:5725ed192b1a3ca65c9087d2a56636ef31a6523549199d3a10c9a264f9137a0c_s390x",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:5725ed192b1a3ca65c9087d2a56636ef31a6523549199d3a10c9a264f9137a0c_s390x",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:5725ed192b1a3ca65c9087d2a56636ef31a6523549199d3a10c9a264f9137a0c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-rhel8@sha256%3A5725ed192b1a3ca65c9087d2a56636ef31a6523549199d3a10c9a264f9137a0c?arch=s390x\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.15.0-1765820005"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64 as a component of OpenShift Developer Tools and Services 4.15",
"product_id": "OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x as a component of OpenShift Developer Tools and Services 4.15",
"product_id": "OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64 as a component of OpenShift Developer Tools and Services 4.15",
"product_id": "OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le as a component of OpenShift Developer Tools and Services 4.15",
"product_id": "OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:27db4f7a070211cfe9a0383cf784a664fcbe3a82605611f9f9d8c99cf93c31aa_amd64 as a component of OpenShift Developer Tools and Services 4.15",
"product_id": "OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:27db4f7a070211cfe9a0383cf784a664fcbe3a82605611f9f9d8c99cf93c31aa_amd64"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:27db4f7a070211cfe9a0383cf784a664fcbe3a82605611f9f9d8c99cf93c31aa_amd64",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:5725ed192b1a3ca65c9087d2a56636ef31a6523549199d3a10c9a264f9137a0c_s390x as a component of OpenShift Developer Tools and Services 4.15",
"product_id": "OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:5725ed192b1a3ca65c9087d2a56636ef31a6523549199d3a10c9a264f9137a0c_s390x"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:5725ed192b1a3ca65c9087d2a56636ef31a6523549199d3a10c9a264f9137a0c_s390x",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:f65d9a4294ddd451e0b55424085cd650591f4c72e01d931f384af4c844ec3a9b_ppc64le as a component of OpenShift Developer Tools and Services 4.15",
"product_id": "OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:f65d9a4294ddd451e0b55424085cd650591f4c72e01d931f384af4c844ec3a9b_ppc64le"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:f65d9a4294ddd451e0b55424085cd650591f4c72e01d931f384af4c844ec3a9b_ppc64le",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:feffbd0107486c090d01b1b39a7b559642074d8251962cd3c0e15f6f0c3a21e5_arm64 as a component of OpenShift Developer Tools and Services 4.15",
"product_id": "OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:feffbd0107486c090d01b1b39a7b559642074d8251962cd3c0e15f6f0c3a21e5_arm64"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:feffbd0107486c090d01b1b39a7b559642074d8251962cd3c0e15f6f0c3a21e5_arm64",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4949",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2025-05-21T07:00:48.762597+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64",
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x",
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64",
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2367730"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse JGit. This vulnerability can allow information disclosure, denial of service, and other security issues when parsing XML files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.eclipse.jgit: XXE vulnerability in Eclipse JGit",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. A flaw in Eclipse JGit allows for XML External Entity (XXE) attacks when parsing specially crafted XML files. This can lead to local denial of service in affected Red Hat products that utilize JGit\u0027s ManifestParser or AmazonS3 class for git transport. The current 9.8 rating by NVD assumes a default, server-side exploitation path. However, the vulnerability resides in the experimental AmazonS3 transport class within Eclipse JGit, which is not enabled by default and requires non-standard configuration (Attack Complexity: High). Furthermore, exploitation typically occurs via client-side tools (e.g., repo) requiring active user participation (User Interaction: Required), limiting the primary risk to local Denial of Service rather than remote, unauthenticated compromise (Availability: High).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:27db4f7a070211cfe9a0383cf784a664fcbe3a82605611f9f9d8c99cf93c31aa_amd64",
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:5725ed192b1a3ca65c9087d2a56636ef31a6523549199d3a10c9a264f9137a0c_s390x",
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:f65d9a4294ddd451e0b55424085cd650591f4c72e01d931f384af4c844ec3a9b_ppc64le",
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:feffbd0107486c090d01b1b39a7b559642074d8251962cd3c0e15f6f0c3a21e5_arm64"
],
"known_not_affected": [
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64",
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x",
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64",
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4949"
},
{
"category": "external",
"summary": "RHBZ#2367730",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367730"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4949",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4949"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4949",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4949"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281",
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281"
},
{
"category": "external",
"summary": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1",
"url": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1"
}
],
"release_date": "2025-05-21T06:47:19.777000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T13:41:25+00:00",
"details": "It is recommended that existing users of Red Hat OpenShift Developer Tools - OpenShift Jenkins 4.15 upgrade to the latest. This update includes a newer OpenShift client (oc) version bundled in the image. If your Jenkins pipelines require a specific oc version, configure it explicitly using the Jenkins pipeline tools directive.",
"product_ids": [
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:27db4f7a070211cfe9a0383cf784a664fcbe3a82605611f9f9d8c99cf93c31aa_amd64",
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:5725ed192b1a3ca65c9087d2a56636ef31a6523549199d3a10c9a264f9137a0c_s390x",
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:f65d9a4294ddd451e0b55424085cd650591f4c72e01d931f384af4c844ec3a9b_ppc64le",
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:feffbd0107486c090d01b1b39a7b559642074d8251962cd3c0e15f6f0c3a21e5_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23486"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64",
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x",
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64",
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le",
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:27db4f7a070211cfe9a0383cf784a664fcbe3a82605611f9f9d8c99cf93c31aa_amd64",
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:5725ed192b1a3ca65c9087d2a56636ef31a6523549199d3a10c9a264f9137a0c_s390x",
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:f65d9a4294ddd451e0b55424085cd650591f4c72e01d931f384af4c844ec3a9b_ppc64le",
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:feffbd0107486c090d01b1b39a7b559642074d8251962cd3c0e15f6f0c3a21e5_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.eclipse.jgit: XXE vulnerability in Eclipse JGit"
},
{
"cve": "CVE-2025-67635",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"discovery_date": "2025-12-10T17:01:24.450765+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64",
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x",
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64",
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2420998"
}
],
"notes": [
{
"category": "description",
"text": "Jenkins does not properly close HTTP-based CLI connections when the connection stream becomes corrupted, allowing unauthenticated attackers to cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.jenkins-ci.main/jenkins-core: Jenkins HTTP connection mis-handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:27db4f7a070211cfe9a0383cf784a664fcbe3a82605611f9f9d8c99cf93c31aa_amd64",
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:5725ed192b1a3ca65c9087d2a56636ef31a6523549199d3a10c9a264f9137a0c_s390x",
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:f65d9a4294ddd451e0b55424085cd650591f4c72e01d931f384af4c844ec3a9b_ppc64le",
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:feffbd0107486c090d01b1b39a7b559642074d8251962cd3c0e15f6f0c3a21e5_arm64"
],
"known_not_affected": [
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64",
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x",
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64",
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-67635"
},
{
"category": "external",
"summary": "RHBZ#2420998",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420998"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-67635",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-67635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67635"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2025-12-10/#SECURITY-3630",
"url": "https://www.jenkins.io/security/advisory/2025-12-10/#SECURITY-3630"
}
],
"release_date": "2025-12-10T16:50:35.491000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T13:41:25+00:00",
"details": "It is recommended that existing users of Red Hat OpenShift Developer Tools - OpenShift Jenkins 4.15 upgrade to the latest. This update includes a newer OpenShift client (oc) version bundled in the image. If your Jenkins pipelines require a specific oc version, configure it explicitly using the Jenkins pipeline tools directive.",
"product_ids": [
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:27db4f7a070211cfe9a0383cf784a664fcbe3a82605611f9f9d8c99cf93c31aa_amd64",
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:5725ed192b1a3ca65c9087d2a56636ef31a6523549199d3a10c9a264f9137a0c_s390x",
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:f65d9a4294ddd451e0b55424085cd650591f4c72e01d931f384af4c844ec3a9b_ppc64le",
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:feffbd0107486c090d01b1b39a7b559642074d8251962cd3c0e15f6f0c3a21e5_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23486"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64",
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x",
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64",
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le",
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:27db4f7a070211cfe9a0383cf784a664fcbe3a82605611f9f9d8c99cf93c31aa_amd64",
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:5725ed192b1a3ca65c9087d2a56636ef31a6523549199d3a10c9a264f9137a0c_s390x",
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:f65d9a4294ddd451e0b55424085cd650591f4c72e01d931f384af4c844ec3a9b_ppc64le",
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:feffbd0107486c090d01b1b39a7b559642074d8251962cd3c0e15f6f0c3a21e5_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:2cf352e9c89a8f4bce884f49629b7c84e1352c5cd64e095ae26c2664ecc6bd89_amd64",
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:b0095ccfcf007894612189549ae7d931bb40fe52a923b963b678d5a6c67022e6_s390x",
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:cc5db9e93a9e2fccd44aef2bdf018943cce058c35d11977326003481b65a866f_arm64",
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8@sha256:e3d5be4a078ae7954f167f855d15bb0f6fc34b426928a26ff4d30b41f41549a4_ppc64le",
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:27db4f7a070211cfe9a0383cf784a664fcbe3a82605611f9f9d8c99cf93c31aa_amd64",
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:5725ed192b1a3ca65c9087d2a56636ef31a6523549199d3a10c9a264f9137a0c_s390x",
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:f65d9a4294ddd451e0b55424085cd650591f4c72e01d931f384af4c844ec3a9b_ppc64le",
"OpenShift Developer Tools and Services 4.15:registry.redhat.io/ocp-tools-4/jenkins-rhel8@sha256:feffbd0107486c090d01b1b39a7b559642074d8251962cd3c0e15f6f0c3a21e5_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.jenkins-ci.main/jenkins-core: Jenkins HTTP connection mis-handling"
}
]
}
RHSA-2025:23489
Vulnerability from csaf_redhat - Published: 2025-12-17 13:43 - Updated: 2026-03-18 16:08Summary
Red Hat Security Advisory: Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.17 security update.
Notes
Topic
An update for Openshift Jenkins is now available for Red Hat OpenShift Developer Tools - OpenShift Jenkins 4.17.
Details
Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.17 security update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Openshift Jenkins is now available for Red Hat OpenShift Developer Tools - OpenShift Jenkins 4.17.",
"title": "Topic"
},
{
"category": "general",
"text": "Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.17 security update.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23489",
"url": "https://access.redhat.com/errata/RHSA-2025:23489"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-4949",
"url": "https://access.redhat.com/security/cve/CVE-2025-4949"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-67635",
"url": "https://access.redhat.com/security/cve/CVE-2025-67635"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23489.json"
}
],
"title": "Red Hat Security Advisory: Release of Red Hat OpenShift Developer Tools - Openshift Jenkins 4.17 security update.",
"tracking": {
"current_release_date": "2026-03-18T16:08:36+00:00",
"generator": {
"date": "2026-03-18T16:08:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2025:23489",
"initial_release_date": "2025-12-17T13:43:36+00:00",
"revision_history": [
{
"date": "2025-12-17T13:43:36+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-17T13:43:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T16:08:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Developer Tools and Services 4.17",
"product": {
"name": "OpenShift Developer Tools and Services 4.17",
"product_id": "OpenShift Developer Tools and Services 4.17",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ocp_tools:4.17::el9"
}
}
}
],
"category": "product_family",
"name": "OpenShift Developer Tools and Services"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-agent-base-rhel9@sha256%3A9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7?arch=amd64\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.17.0-1765868580"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-rhel9@sha256%3A824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb?arch=amd64\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.17.0-1765868606"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-agent-base-rhel9@sha256%3A12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e?arch=arm64\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.17.0-1765868580"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-rhel9@sha256%3Ac19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b?arch=arm64\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.17.0-1765868606"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-agent-base-rhel9@sha256%3A50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c?arch=ppc64le\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.17.0-1765868580"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-rhel9@sha256%3A60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed?arch=ppc64le\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.17.0-1765868606"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-agent-base-rhel9@sha256%3A7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241?arch=s390x\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.17.0-1765868580"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"product": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"product_id": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jenkins-rhel9@sha256%3A639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad?arch=s390x\u0026repository_url=registry.redhat.io/ocp-tools-4\u0026tag=v4.17.0-1765868606"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64 as a component of OpenShift Developer Tools and Services 4.17",
"product_id": "OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le as a component of OpenShift Developer Tools and Services 4.17",
"product_id": "OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x as a component of OpenShift Developer Tools and Services 4.17",
"product_id": "OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64 as a component of OpenShift Developer Tools and Services 4.17",
"product_id": "OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le as a component of OpenShift Developer Tools and Services 4.17",
"product_id": "OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x as a component of OpenShift Developer Tools and Services 4.17",
"product_id": "OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64 as a component of OpenShift Developer Tools and Services 4.17",
"product_id": "OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64 as a component of OpenShift Developer Tools and Services 4.17",
"product_id": "OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64"
},
"product_reference": "registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64",
"relates_to_product_reference": "OpenShift Developer Tools and Services 4.17"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4949",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2025-05-21T07:00:48.762597+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2367730"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse JGit. This vulnerability can allow information disclosure, denial of service, and other security issues when parsing XML files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.eclipse.jgit: XXE vulnerability in Eclipse JGit",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. A flaw in Eclipse JGit allows for XML External Entity (XXE) attacks when parsing specially crafted XML files. This can lead to local denial of service in affected Red Hat products that utilize JGit\u0027s ManifestParser or AmazonS3 class for git transport. The current 9.8 rating by NVD assumes a default, server-side exploitation path. However, the vulnerability resides in the experimental AmazonS3 transport class within Eclipse JGit, which is not enabled by default and requires non-standard configuration (Attack Complexity: High). Furthermore, exploitation typically occurs via client-side tools (e.g., repo) requiring active user participation (User Interaction: Required), limiting the primary risk to local Denial of Service rather than remote, unauthenticated compromise (Availability: High).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64"
],
"known_not_affected": [
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4949"
},
{
"category": "external",
"summary": "RHBZ#2367730",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367730"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4949",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4949"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4949",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4949"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281",
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281"
},
{
"category": "external",
"summary": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1",
"url": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1"
}
],
"release_date": "2025-05-21T06:47:19.777000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T13:43:36+00:00",
"details": "It is recommended that existing users of Red Hat OpenShift Developer Tools - OpenShift Jenkins 4.17 upgrade to the latest. This update includes a newer OpenShift client (oc) version bundled in the image. If your Jenkins pipelines require a specific oc version, configure it explicitly using the Jenkins pipeline tools directive.",
"product_ids": [
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23489"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64",
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.eclipse.jgit: XXE vulnerability in Eclipse JGit"
},
{
"cve": "CVE-2025-67635",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"discovery_date": "2025-12-10T17:01:24.450765+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2420998"
}
],
"notes": [
{
"category": "description",
"text": "Jenkins does not properly close HTTP-based CLI connections when the connection stream becomes corrupted, allowing unauthenticated attackers to cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.jenkins-ci.main/jenkins-core: Jenkins HTTP connection mis-handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64"
],
"known_not_affected": [
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-67635"
},
{
"category": "external",
"summary": "RHBZ#2420998",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420998"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-67635",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-67635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67635"
},
{
"category": "external",
"summary": "https://www.jenkins.io/security/advisory/2025-12-10/#SECURITY-3630",
"url": "https://www.jenkins.io/security/advisory/2025-12-10/#SECURITY-3630"
}
],
"release_date": "2025-12-10T16:50:35.491000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T13:43:36+00:00",
"details": "It is recommended that existing users of Red Hat OpenShift Developer Tools - OpenShift Jenkins 4.17 upgrade to the latest. This update includes a newer OpenShift client (oc) version bundled in the image. If your Jenkins pipelines require a specific oc version, configure it explicitly using the Jenkins pipeline tools directive.",
"product_ids": [
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23489"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64",
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:12c117246b5ed9075aad4a5970015d36de17812abedec9e986ede54c9f9a944e_arm64",
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:50021e5ceb2ff7baf42b44e3ea6cd7f39f73d45ab8accea976b59758acacf47c_ppc64le",
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:7ea6ed80a8ce7410d3b1abb73e575e664d3c17ea7cf6eacf852d871d4858e241_s390x",
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel9@sha256:9c9bc46e0370e9ae895474f85ae374d2b69a35402615fa6f6cec196a73e340a7_amd64",
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:60063737604433397462efda8ba499016bfe5fb8400a3eb29e3daac5a098a7ed_ppc64le",
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:639855931c885c92feff9578f03cc426fb548f15721d1231227332300d90e0ad_s390x",
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:824b0151835492c9b41077491419b938c8d231ed80208cd99b3d5fa8e206c3fb_amd64",
"OpenShift Developer Tools and Services 4.17:registry.redhat.io/ocp-tools-4/jenkins-rhel9@sha256:c19b9a5471b0b496011fadb920a099a20b918ec326693e0ae5b2b306d2c7a57b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.jenkins-ci.main/jenkins-core: Jenkins HTTP connection mis-handling"
}
]
}
RHSA-2025:22190
Vulnerability from csaf_redhat - Published: 2025-11-26 17:02 - Updated: 2026-03-18 16:08Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.1.2 security update
Notes
Topic
A security update is now available for Red Hat JBoss Enterprise Application Platform 8.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.1.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.1.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 8.1.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* org.eclipse.jgit: XXE vulnerability in Eclipse JGit [eap-8.1.z] (CVE-2025-4949)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 8.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.1.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.1.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 8.1.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* org.eclipse.jgit: XXE vulnerability in Eclipse JGit [eap-8.1.z] (CVE-2025-4949)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:22190",
"url": "https://access.redhat.com/errata/RHSA-2025:22190"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.1",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.1"
},
{
"category": "external",
"summary": "https://access.redhat.com/articles/7133099",
"url": "https://access.redhat.com/articles/7133099"
},
{
"category": "external",
"summary": "2367730",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367730"
},
{
"category": "external",
"summary": "JBEAP-30670",
"url": "https://issues.redhat.com/browse/JBEAP-30670"
},
{
"category": "external",
"summary": "JBEAP-30737",
"url": "https://issues.redhat.com/browse/JBEAP-30737"
},
{
"category": "external",
"summary": "JBEAP-30753",
"url": "https://issues.redhat.com/browse/JBEAP-30753"
},
{
"category": "external",
"summary": "JBEAP-30951",
"url": "https://issues.redhat.com/browse/JBEAP-30951"
},
{
"category": "external",
"summary": "JBEAP-31005",
"url": "https://issues.redhat.com/browse/JBEAP-31005"
},
{
"category": "external",
"summary": "JBEAP-31020",
"url": "https://issues.redhat.com/browse/JBEAP-31020"
},
{
"category": "external",
"summary": "JBEAP-31032",
"url": "https://issues.redhat.com/browse/JBEAP-31032"
},
{
"category": "external",
"summary": "JBEAP-31042",
"url": "https://issues.redhat.com/browse/JBEAP-31042"
},
{
"category": "external",
"summary": "JBEAP-31043",
"url": "https://issues.redhat.com/browse/JBEAP-31043"
},
{
"category": "external",
"summary": "JBEAP-31044",
"url": "https://issues.redhat.com/browse/JBEAP-31044"
},
{
"category": "external",
"summary": "JBEAP-31047",
"url": "https://issues.redhat.com/browse/JBEAP-31047"
},
{
"category": "external",
"summary": "JBEAP-31048",
"url": "https://issues.redhat.com/browse/JBEAP-31048"
},
{
"category": "external",
"summary": "JBEAP-31054",
"url": "https://issues.redhat.com/browse/JBEAP-31054"
},
{
"category": "external",
"summary": "JBEAP-31059",
"url": "https://issues.redhat.com/browse/JBEAP-31059"
},
{
"category": "external",
"summary": "JBEAP-31095",
"url": "https://issues.redhat.com/browse/JBEAP-31095"
},
{
"category": "external",
"summary": "JBEAP-31105",
"url": "https://issues.redhat.com/browse/JBEAP-31105"
},
{
"category": "external",
"summary": "JBEAP-31106",
"url": "https://issues.redhat.com/browse/JBEAP-31106"
},
{
"category": "external",
"summary": "JBEAP-31113",
"url": "https://issues.redhat.com/browse/JBEAP-31113"
},
{
"category": "external",
"summary": "JBEAP-31125",
"url": "https://issues.redhat.com/browse/JBEAP-31125"
},
{
"category": "external",
"summary": "JBEAP-31274",
"url": "https://issues.redhat.com/browse/JBEAP-31274"
},
{
"category": "external",
"summary": "JBEAP-31291",
"url": "https://issues.redhat.com/browse/JBEAP-31291"
},
{
"category": "external",
"summary": "JBEAP-31315",
"url": "https://issues.redhat.com/browse/JBEAP-31315"
},
{
"category": "external",
"summary": "JBEAP-31323",
"url": "https://issues.redhat.com/browse/JBEAP-31323"
},
{
"category": "external",
"summary": "JBEAP-31338",
"url": "https://issues.redhat.com/browse/JBEAP-31338"
},
{
"category": "external",
"summary": "JBEAP-31340",
"url": "https://issues.redhat.com/browse/JBEAP-31340"
},
{
"category": "external",
"summary": "JBEAP-31346",
"url": "https://issues.redhat.com/browse/JBEAP-31346"
},
{
"category": "external",
"summary": "JBEAP-31354",
"url": "https://issues.redhat.com/browse/JBEAP-31354"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_22190.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.1.2 security update",
"tracking": {
"current_release_date": "2026-03-18T16:08:32+00:00",
"generator": {
"date": "2026-03-18T16:08:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2025:22190",
"initial_release_date": "2025-11-26T17:02:38+00:00",
"revision_history": [
{
"date": "2025-11-26T17:02:38+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-26T17:02:38+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T16:08:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 8",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 8",
"product_id": "Red Hat JBoss Enterprise Application Platform 8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4949",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2025-05-21T07:00:48.762597+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2367730"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse JGit. This vulnerability can allow information disclosure, denial of service, and other security issues when parsing XML files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.eclipse.jgit: XXE vulnerability in Eclipse JGit",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. A flaw in Eclipse JGit allows for XML External Entity (XXE) attacks when parsing specially crafted XML files. This can lead to local denial of service in affected Red Hat products that utilize JGit\u0027s ManifestParser or AmazonS3 class for git transport. The current 9.8 rating by NVD assumes a default, server-side exploitation path. However, the vulnerability resides in the experimental AmazonS3 transport class within Eclipse JGit, which is not enabled by default and requires non-standard configuration (Attack Complexity: High). Furthermore, exploitation typically occurs via client-side tools (e.g., repo) requiring active user participation (User Interaction: Required), limiting the primary risk to local Denial of Service rather than remote, unauthenticated compromise (Availability: High).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4949"
},
{
"category": "external",
"summary": "RHBZ#2367730",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367730"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4949",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4949"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4949",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4949"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281",
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281"
},
{
"category": "external",
"summary": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1",
"url": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1"
}
],
"release_date": "2025-05-21T06:47:19.777000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-26T17:02:38+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22190"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.eclipse.jgit: XXE vulnerability in Eclipse JGit"
}
]
}
GHSA-VRPQ-QP53-QV56
Vulnerability from github – Published: 2025-05-21 21:31 – Updated: 2026-01-13 22:47
VLAI?
Summary
Eclipse JGit XML External Entity (XXE) Vulnerability
Details
In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity (XXE) attacks when parsing XML files. This vulnerability can lead to information disclosure, denial of service, and other security issues.
Severity ?
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.eclipse.jgit:org.eclipse.jgit"
},
"ranges": [
{
"events": [
{
"introduced": "7.2.0.202503040940-r"
},
{
"fixed": "7.2.1.202505142326-r"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.eclipse.jgit:org.eclipse.jgit"
},
"ranges": [
{
"events": [
{
"introduced": "7.1.0.202411261347-r"
},
{
"fixed": "7.1.1.202505221757-r"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.eclipse.jgit:org.eclipse.jgit"
},
"ranges": [
{
"events": [
{
"introduced": "7.0.0.202409031743-r"
},
{
"fixed": "7.0.1.202505221510-r"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.eclipse.jgit:org.eclipse.jgit"
},
"ranges": [
{
"events": [
{
"introduced": "6.1.0.202203080745-r"
},
{
"fixed": "6.10.1.202505221210-r"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.eclipse.jgit:org.eclipse.jgit"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0.202110060947-m1"
},
{
"fixed": "6.0.0.202111291000-r"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.eclipse.jgit:org.eclipse.jgit"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.13.4.202507202350-r"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-4949"
],
"database_specific": {
"cwe_ids": [
"CWE-611"
],
"github_reviewed": true,
"github_reviewed_at": "2025-05-22T18:49:33Z",
"nvd_published_at": "2025-05-21T07:16:01Z",
"severity": "MODERATE"
},
"details": "In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity (XXE) attacks when parsing XML files. This vulnerability can lead to information disclosure, denial of service, and other security issues.",
"id": "GHSA-vrpq-qp53-qv56",
"modified": "2026-01-13T22:47:14Z",
"published": "2025-05-21T21:31:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4949"
},
{
"type": "PACKAGE",
"url": "https://github.com/eclipse-jgit/jgit"
},
{
"type": "WEB",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64"
},
{
"type": "WEB",
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281"
},
{
"type": "WEB",
"url": "https://projects.eclipse.org/projects/technology.jgit/releases/5.13.4"
},
{
"type": "WEB",
"url": "https://projects.eclipse.org/projects/technology.jgit/releases/5.13.5"
},
{
"type": "WEB",
"url": "https://projects.eclipse.org/projects/technology.jgit/releases/6.10.1"
},
{
"type": "WEB",
"url": "https://projects.eclipse.org/projects/technology.jgit/releases/7.0.1"
},
{
"type": "WEB",
"url": "https://projects.eclipse.org/projects/technology.jgit/releases/7.1.1"
},
{
"type": "WEB",
"url": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Eclipse JGit XML External Entity (XXE) Vulnerability"
}
CERTFR-2025-AVI-0905
Vulnerability from certfr_avis - Published: 2025-10-22 - Updated: 2025-10-22
De multiples vulnérabilités ont été découvertes dans Oracle Database Server. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | Database Server | Oracle Database Server (Portable Clusterware) version 21.3 à 21.19 | ||
| Oracle | Database Server | Oracle Database Server (Unified Audit) version 23.4 à 23.9 | ||
| Oracle | Database Server | Oracle Database Server (RDBMS) version 23.4 à 23.9 | ||
| Oracle | Database Server | Oracle Database Server (Java VM) version 19.3 à 19.28 | ||
| Oracle | Database Server | Oracle Database Server (SQLcl) version 23.4 à 23.9 | ||
| Oracle | Database Server | Oracle Database Server (RDBMS Functional Index) version 23.4 à 23.9 | ||
| Oracle | Database Server | Oracle Database Server (Portable Clusterware) version 19.3 à 19.28 | ||
| Oracle | Database Server | Oracle Database Server (Java VM) version 23.4 à 23.9 | ||
| Oracle | Database Server | Oracle Database Server (Java VM) version 21.3 à 21.19 | ||
| Oracle | Database Server | Oracle Database Server (RDBMS) version 21.3 à 21.19 | ||
| Oracle | Database Server | Oracle Database Server (Portable Clusterware) version 23.4 à 23.9 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Database Server (Portable Clusterware) version 21.3 \u00e0 21.19",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server (Unified Audit) version 23.4 \u00e0 23.9",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server (RDBMS) version 23.4 \u00e0 23.9",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server (Java VM) version 19.3 \u00e0 19.28",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server (SQLcl) version 23.4 \u00e0 23.9",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server (RDBMS Functional Index) version 23.4 \u00e0 23.9",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server (Portable Clusterware) version 19.3 \u00e0 19.28",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server (Java VM) version 23.4 \u00e0 23.9",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server (Java VM) version 21.3 \u00e0 21.19",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server (RDBMS) version 21.3 \u00e0 21.19",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server (Portable Clusterware) version 23.4 \u00e0 23.9",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-61749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61749"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2025-53051",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53051"
},
{
"name": "CVE-2025-1795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2024-12254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12254"
},
{
"name": "CVE-2025-4949",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4949"
},
{
"name": "CVE-2025-53047",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53047"
},
{
"name": "CVE-2025-61881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61881"
},
{
"name": "CVE-2024-6923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6923"
},
{
"name": "CVE-2024-8088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8088"
}
],
"initial_release_date": "2025-10-22T00:00:00",
"last_revision_date": "2025-10-22T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0905",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Database Server. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Database Server",
"vendor_advisories": [
{
"published_at": "2025-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 Oracle Database Server cpuoct2025",
"url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
}
]
}
CERTFR-2025-AVI-0622
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits VMware. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu Platform | Tanzu Platform versions 4.0.x antérieures à 4.0.38+LTS-T pour Cloud Foundry Windows | ||
| VMware | Tanzu Platform | Tanzu Platform versions 10.0.x antérieures à 10.0.8 pour Cloud Foundry Windows | ||
| VMware | N/A | Stemcells sans le dernier correctif de sécurité | ||
| VMware | Tanzu Platform | Tanzu Platform versions 4.0.x antérieures à 4.0.38+LTS-T pour Cloud Foundry | ||
| VMware | Tanzu Platform | Tanzu Platform versions 6.0.x antérieures à 6.0.18+LTS-T pour Cloud Foundry Windows | ||
| VMware | Tanzu | Anti-Virus sans le dernier correctif de sécurité pour Tanzu version 2.4.0 | ||
| VMware | Tanzu | Scheduler sans le dernier correctif de sécurité pour Tanzu version 2.0.19 | ||
| VMware | Tanzu Platform | Tanzu Platform versions 6.0.x antérieures à 6.0.18+LTS-T pour Cloud Foundry | ||
| VMware | Tanzu Platform | GenAI sans le dernier correctif de sécurité pour Tanzu Platform pour Cloud Foundry version 10.2.1 | ||
| VMware | Tanzu Application Service | Tanzu Application Service versions antérieures à 1.16.11 | ||
| VMware | Tanzu Platform | Tanzu Platform versions 10.2.x antérieures à 10.2.1+LTS-T pour Cloud Foundry isolation segment | ||
| VMware | Tanzu Platform | Tanzu Platform versions 10.0.x antérieures à 10.0.8 pour Cloud Foundry isolation segment | ||
| VMware | Tanzu | Spring Cloud Services sans le dernier correctif de sécurité pour Tanzu version 3.3.8 | ||
| VMware | Tanzu Platform | Tanzu Platform versions 10.0.x antérieures à 10.0.8 pour Cloud Foundry | ||
| VMware | Tanzu Platform | Tanzu Platform versions 4.0.x antérieures à 4.0.38+LTS-T pour Cloud Foundry isolation segment | ||
| VMware | Tanzu | Spring Cloud Data Flow sans le dernier correctif de sécurité pour Tanzu version 1.14.7 | ||
| VMware | Tanzu Platform | Tanzu Platform versions 6.0.x antérieures à 6.0.18+LTS-T pour Cloud Foundry isolation segment | ||
| VMware | Tanzu Platform | Tanzu Platform versions 10.2.x antérieures à 10.2.1+LTS-T pour Cloud Foundry | ||
| VMware | Tanzu Application Service | Single Sign-On sans le dernier correctif de sécurité pour Tanzu Application Service version 1.16.11 | ||
| VMware | Tanzu | File Integrity Monitoring sans le dernier correctif de sécurité pour Tanzu version 2.1.47 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tanzu Platform versions 4.0.x ant\u00e9rieures \u00e0 4.0.38+LTS-T pour Cloud Foundry Windows",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 10.0.x ant\u00e9rieures \u00e0 10.0.8 pour Cloud Foundry Windows",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 4.0.x ant\u00e9rieures \u00e0 4.0.38+LTS-T pour Cloud Foundry",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 6.0.x ant\u00e9rieures \u00e0 6.0.18+LTS-T pour Cloud Foundry Windows",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Anti-Virus sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu version 2.4.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Scheduler sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu version 2.0.19",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 6.0.x ant\u00e9rieures \u00e0 6.0.18+LTS-T pour Cloud Foundry",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "GenAI sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu Platform pour Cloud Foundry version 10.2.1",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Application Service versions ant\u00e9rieures \u00e0 1.16.11",
"product": {
"name": "Tanzu Application Service",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 10.2.x ant\u00e9rieures \u00e0 10.2.1+LTS-T pour Cloud Foundry isolation segment",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 10.0.x ant\u00e9rieures \u00e0 10.0.8 pour Cloud Foundry isolation segment",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Spring Cloud Services sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu version 3.3.8",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 10.0.x ant\u00e9rieures \u00e0 10.0.8 pour Cloud Foundry",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 4.0.x ant\u00e9rieures \u00e0 4.0.38+LTS-T pour Cloud Foundry isolation segment",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Spring Cloud Data Flow sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu version 1.14.7",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 6.0.x ant\u00e9rieures \u00e0 6.0.18+LTS-T pour Cloud Foundry isolation segment",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 10.2.x ant\u00e9rieures \u00e0 10.2.1+LTS-T pour Cloud Foundry",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Single Sign-On sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu Application Service version 1.16.11",
"product": {
"name": "Tanzu Application Service",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "File Integrity Monitoring sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu version 2.1.47",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-6395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
},
{
"name": "CVE-2022-1343",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1343"
},
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2021-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3996"
},
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"name": "CVE-2022-35252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
},
{
"name": "CVE-2022-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
},
{
"name": "CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"name": "CVE-2023-40217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
},
{
"name": "CVE-2025-21975",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21975"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2024-46821",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46821"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2024-9681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
},
{
"name": "CVE-2024-11168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11168"
},
{
"name": "CVE-2025-39728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39728"
},
{
"name": "CVE-2023-28755",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28755"
},
{
"name": "CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"name": "CVE-2023-46218",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
},
{
"name": "CVE-2025-25186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25186"
},
{
"name": "CVE-2023-28841",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28841"
},
{
"name": "CVE-2022-49728",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49728"
},
{
"name": "CVE-2023-28840",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28840"
},
{
"name": "CVE-2025-22025",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22025"
},
{
"name": "CVE-2022-27191",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27191"
},
{
"name": "CVE-2023-33201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2022-27781",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27781"
},
{
"name": "CVE-2020-36843",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36843"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2025-21941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21941"
},
{
"name": "CVE-2025-3445",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3445"
},
{
"name": "CVE-2025-41234",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41234"
},
{
"name": "CVE-2020-15250",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15250"
},
{
"name": "CVE-2024-45339",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45339"
},
{
"name": "CVE-2023-53034",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53034"
},
{
"name": "CVE-2023-29404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
},
{
"name": "CVE-2025-23138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23138"
},
{
"name": "CVE-2024-56664",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56664"
},
{
"name": "CVE-2025-38152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38152"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2024-36945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36945"
},
{
"name": "CVE-2022-0563",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0563"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2025-22021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22021"
},
{
"name": "CVE-2022-24921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
},
{
"name": "CVE-2022-32208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
},
{
"name": "CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"name": "CVE-2025-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27219"
},
{
"name": "CVE-2025-49146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49146"
},
{
"name": "CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"name": "CVE-2024-46787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46787"
},
{
"name": "CVE-2023-45283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45283"
},
{
"name": "CVE-2024-47611",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47611"
},
{
"name": "CVE-2024-21068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21068"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2023-3817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
},
{
"name": "CVE-2024-6232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
},
{
"name": "CVE-2025-22050",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22050"
},
{
"name": "CVE-2024-50047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50047"
},
{
"name": "CVE-2025-39735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39735"
},
{
"name": "CVE-2022-41725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
},
{
"name": "CVE-2025-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
},
{
"name": "CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2025-37798",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37798"
},
{
"name": "CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"name": "CVE-2024-21012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21012"
},
{
"name": "CVE-2024-9287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
},
{
"name": "CVE-2025-22004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22004"
},
{
"name": "CVE-2022-32207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2022-41722",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41722"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-36632",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
},
{
"name": "CVE-2022-25647",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2024-56171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
},
{
"name": "CVE-2023-45285",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45285"
},
{
"name": "CVE-2024-46812",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46812"
},
{
"name": "CVE-2024-24579",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24579"
},
{
"name": "CVE-2024-24783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24783"
},
{
"name": "CVE-2023-45284",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45284"
},
{
"name": "CVE-2023-29403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29403"
},
{
"name": "CVE-2022-27776",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27776"
},
{
"name": "CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"name": "CVE-2022-42916",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42916"
},
{
"name": "CVE-2022-28948",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28948"
},
{
"name": "CVE-2024-38819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38819"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2022-31030",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31030"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2024-13176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
},
{
"name": "CVE-2023-2253",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2253"
},
{
"name": "CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"name": "CVE-2025-37937",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37937"
},
{
"name": "CVE-2023-29405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
},
{
"name": "CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2023-5363",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
},
{
"name": "CVE-2023-33202",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33202"
},
{
"name": "CVE-2024-35255",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35255"
},
{
"name": "CVE-2024-24557",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24557"
},
{
"name": "CVE-2023-45289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45289"
},
{
"name": "CVE-2024-53144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53144"
},
{
"name": "CVE-2022-2068",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
},
{
"name": "CVE-2025-21613",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21613"
},
{
"name": "CVE-2025-38637",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38637"
},
{
"name": "CVE-2025-22055",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22055"
},
{
"name": "CVE-2024-34447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
},
{
"name": "CVE-2024-12798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
},
{
"name": "CVE-2023-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
},
{
"name": "CVE-2025-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
},
{
"name": "CVE-2025-5372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5372"
},
{
"name": "CVE-2022-27782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27782"
},
{
"name": "CVE-2022-32149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32149"
},
{
"name": "CVE-2023-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
},
{
"name": "CVE-2024-0406",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0406"
},
{
"name": "CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"name": "CVE-2022-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
},
{
"name": "CVE-2025-49125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49125"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2025-48060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48060"
},
{
"name": "CVE-2024-6104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6104"
},
{
"name": "CVE-2022-49636",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49636"
},
{
"name": "CVE-2025-4877",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4877"
},
{
"name": "CVE-2023-45290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
},
{
"name": "CVE-2023-28320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28320"
},
{
"name": "CVE-2024-4030",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4030"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2025-22035",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22035"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2024-58093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58093"
},
{
"name": "CVE-2024-34158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2024-28180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28180"
},
{
"name": "CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2025-30691",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30691"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2025-21959",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21959"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2022-43552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43552"
},
{
"name": "CVE-2025-5915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5915"
},
{
"name": "CVE-2025-46727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46727"
},
{
"name": "CVE-2025-5917",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5917"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2022-3786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
},
{
"name": "CVE-2025-37889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37889"
},
{
"name": "CVE-2021-3995",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3995"
},
{
"name": "CVE-2025-21981",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21981"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2023-28319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28319"
},
{
"name": "CVE-2022-22576",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22576"
},
{
"name": "CVE-2025-22014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22014"
},
{
"name": "CVE-2024-29018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29018"
},
{
"name": "CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"name": "CVE-2024-11053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
},
{
"name": "CVE-2024-7264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
},
{
"name": "CVE-2025-32462",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32462"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2025-1795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
},
{
"name": "CVE-2025-21996",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21996"
},
{
"name": "CVE-2023-23915",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23915"
},
{
"name": "CVE-2025-23136",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23136"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2025-37785",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37785"
},
{
"name": "CVE-2023-39318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
},
{
"name": "CVE-2025-21957",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21957"
},
{
"name": "CVE-2024-40635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40635"
},
{
"name": "CVE-2022-41720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41720"
},
{
"name": "CVE-2025-21999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21999"
},
{
"name": "CVE-2022-41716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41716"
},
{
"name": "CVE-2025-21992",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21992"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"name": "CVE-2025-5318",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
},
{
"name": "CVE-2025-22044",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22044"
},
{
"name": "CVE-2024-53051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53051"
},
{
"name": "CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"name": "CVE-2025-38575",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38575"
},
{
"name": "CVE-2025-22018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22018"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2025-21970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21970"
},
{
"name": "CVE-2025-22056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22056"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2023-28842",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28842"
},
{
"name": "CVE-2023-3978",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3978"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2022-27775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27775"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2024-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
},
{
"name": "CVE-2024-12801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
},
{
"name": "CVE-2024-3219",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3219"
},
{
"name": "CVE-2023-23914",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23914"
},
{
"name": "CVE-2022-36056",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36056"
},
{
"name": "CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2022-27774",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27774"
},
{
"name": "CVE-2023-25173",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25173"
},
{
"name": "CVE-2024-41909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41909"
},
{
"name": "CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"name": "CVE-2023-39319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2025-22005",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22005"
},
{
"name": "CVE-2025-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22045"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2024-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24785"
},
{
"name": "CVE-2022-36109",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36109"
},
{
"name": "CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2025-22010",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22010"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"name": "CVE-2024-53427",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53427"
},
{
"name": "CVE-2023-28321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28321"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2023-36617",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36617"
},
{
"name": "CVE-2023-33199",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33199"
},
{
"name": "CVE-2023-24536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24536"
},
{
"name": "CVE-2022-42915",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42915"
},
{
"name": "CVE-2022-32221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32221"
},
{
"name": "CVE-2025-27220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27220"
},
{
"name": "CVE-2022-24769",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24769"
},
{
"name": "CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"name": "CVE-2025-4878",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4878"
},
{
"name": "CVE-2025-32990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32990"
},
{
"name": "CVE-2023-30551",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30551"
},
{
"name": "CVE-2022-24675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
},
{
"name": "CVE-2025-22060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22060"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2025-21994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21994"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2024-9143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
},
{
"name": "CVE-2025-32989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32989"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2022-1271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1271"
},
{
"name": "CVE-2024-28085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28085"
},
{
"name": "CVE-2024-41110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41110"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2025-22066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22066"
},
{
"name": "CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"name": "CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"name": "CVE-2025-22007",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22007"
},
{
"name": "CVE-2023-24539",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24539"
},
{
"name": "CVE-2024-8805",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8805"
},
{
"name": "CVE-2023-6237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6237"
},
{
"name": "CVE-2025-38000",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38000"
},
{
"name": "CVE-2025-22071",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22071"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2023-25153",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25153"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2025-22075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22075"
},
{
"name": "CVE-2024-7592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
},
{
"name": "CVE-2025-48988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2022-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3996"
},
{
"name": "CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"name": "CVE-2022-32205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
},
{
"name": "CVE-2023-27534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27534"
},
{
"name": "CVE-2024-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
},
{
"name": "CVE-2023-24532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
},
{
"name": "CVE-2025-52434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52434"
},
{
"name": "CVE-2025-22097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22097"
},
{
"name": "CVE-2022-43551",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2023-27533",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27533"
},
{
"name": "CVE-2025-49124",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49124"
},
{
"name": "CVE-2024-0727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0727"
},
{
"name": "CVE-2023-6378",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6378"
},
{
"name": "CVE-2023-6129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
},
{
"name": "CVE-2022-35929",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35929"
},
{
"name": "CVE-2025-21956",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21956"
},
{
"name": "CVE-2025-37932",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37932"
},
{
"name": "CVE-2025-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37890"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2025-22020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22020"
},
{
"name": "CVE-2020-22916",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-22916"
},
{
"name": "CVE-2024-52587",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52587"
},
{
"name": "CVE-2025-5916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5916"
},
{
"name": "CVE-2023-29400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2025-32988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
},
{
"name": "CVE-2022-29173",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29173"
},
{
"name": "CVE-2024-24787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24787"
},
{
"name": "CVE-2024-38828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38828"
},
{
"name": "CVE-2025-27113",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27113"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"name": "CVE-2020-8908",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2024-0397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0397"
},
{
"name": "CVE-2022-30634",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30634"
},
{
"name": "CVE-2023-1255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1255"
},
{
"name": "CVE-2024-46753",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46753"
},
{
"name": "CVE-2025-4516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2022-3358",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3358"
},
{
"name": "CVE-2024-29902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29902"
},
{
"name": "CVE-2022-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
},
{
"name": "CVE-2023-24540",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
},
{
"name": "CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"name": "CVE-2024-8096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8096"
},
{
"name": "CVE-2025-47290",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47290"
},
{
"name": "CVE-2025-22063",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22063"
},
{
"name": "CVE-2025-38177",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38177"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2022-32206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
},
{
"name": "CVE-2024-50602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"name": "CVE-2025-38001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38001"
},
{
"name": "CVE-2023-24537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24537"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2024-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23337"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-22235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22235"
},
{
"name": "CVE-2024-27282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27282"
},
{
"name": "CVE-2023-45287",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45287"
},
{
"name": "CVE-2024-4741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2023-46737",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46737"
},
{
"name": "CVE-2023-40403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40403"
},
{
"name": "CVE-2022-30580",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30580"
},
{
"name": "CVE-2022-23471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23471"
},
{
"name": "CVE-2025-21963",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21963"
},
{
"name": "CVE-2024-42230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42230"
},
{
"name": "CVE-2023-24531",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24531"
},
{
"name": "CVE-2023-24538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24538"
},
{
"name": "CVE-2023-2975",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2975"
},
{
"name": "CVE-2025-37997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37997"
},
{
"name": "CVE-2025-24928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
},
{
"name": "CVE-2025-2312",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2312"
},
{
"name": "CVE-2025-53506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
},
{
"name": "CVE-2022-3602",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
},
{
"name": "CVE-2022-29804",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29804"
},
{
"name": "CVE-2025-0725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0725"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2022-1434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1434"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2025-21614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21614"
},
{
"name": "CVE-2025-22089",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22089"
},
{
"name": "CVE-2025-31650",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31650"
},
{
"name": "CVE-2024-4032",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4032"
},
{
"name": "CVE-2025-4949",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4949"
},
{
"name": "CVE-2023-39323",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39323"
},
{
"name": "CVE-2023-29402",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
},
{
"name": "CVE-2025-32955",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32955"
},
{
"name": "CVE-2023-39326",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39326"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2025-21502",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21502"
},
{
"name": "CVE-2025-22008",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22008"
},
{
"name": "CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"name": "CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"name": "CVE-2023-28756",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28756"
},
{
"name": "CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"name": "CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"name": "CVE-2023-24534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24534"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2024-38816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
},
{
"name": "CVE-2024-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
},
{
"name": "CVE-2025-22054",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22054"
},
{
"name": "CVE-2024-24786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
},
{
"name": "CVE-2025-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21968"
},
{
"name": "CVE-2025-21991",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21991"
},
{
"name": "CVE-2025-22086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22086"
},
{
"name": "CVE-2025-22073",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22073"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2024-29903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29903"
},
{
"name": "CVE-2025-4575",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4575"
},
{
"name": "CVE-2022-21698",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21698"
},
{
"name": "CVE-2025-32441",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32441"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"name": "CVE-2025-21962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21962"
},
{
"name": "CVE-2025-29786",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29786"
},
{
"name": "CVE-2024-24784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24784"
},
{
"name": "CVE-2022-27780",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27780"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2025-0167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
},
{
"name": "CVE-2025-22079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22079"
},
{
"name": "CVE-2023-6597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
},
{
"name": "CVE-2025-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27221"
},
{
"name": "CVE-2024-24789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
},
{
"name": "CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"name": "CVE-2016-1000027",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
},
{
"name": "CVE-2025-21964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21964"
},
{
"name": "CVE-2025-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22081"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
},
{
"name": "CVE-2023-23916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
},
{
"name": "CVE-2025-49014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49014"
},
{
"name": "CVE-2024-6923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6923"
},
{
"name": "CVE-2024-8088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8088"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0622",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-07-25T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35981",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35981"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35967",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35967"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35980",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35980"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35974",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35974"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35979",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35979"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35984",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35984"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35970",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35970"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35983",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35983"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35978",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35978"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35968",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35968"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35973",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35973"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35976",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35976"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35969",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35969"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35966",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35966"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35972",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35972"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35977",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35977"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35982",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35982"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35971",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35971"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35975",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35975"
}
]
}
CERTFR-2025-AVI-0905
Vulnerability from certfr_avis - Published: 2025-10-22 - Updated: 2025-10-22
De multiples vulnérabilités ont été découvertes dans Oracle Database Server. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | Database Server | Oracle Database Server (Portable Clusterware) version 21.3 à 21.19 | ||
| Oracle | Database Server | Oracle Database Server (Unified Audit) version 23.4 à 23.9 | ||
| Oracle | Database Server | Oracle Database Server (RDBMS) version 23.4 à 23.9 | ||
| Oracle | Database Server | Oracle Database Server (Java VM) version 19.3 à 19.28 | ||
| Oracle | Database Server | Oracle Database Server (SQLcl) version 23.4 à 23.9 | ||
| Oracle | Database Server | Oracle Database Server (RDBMS Functional Index) version 23.4 à 23.9 | ||
| Oracle | Database Server | Oracle Database Server (Portable Clusterware) version 19.3 à 19.28 | ||
| Oracle | Database Server | Oracle Database Server (Java VM) version 23.4 à 23.9 | ||
| Oracle | Database Server | Oracle Database Server (Java VM) version 21.3 à 21.19 | ||
| Oracle | Database Server | Oracle Database Server (RDBMS) version 21.3 à 21.19 | ||
| Oracle | Database Server | Oracle Database Server (Portable Clusterware) version 23.4 à 23.9 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Database Server (Portable Clusterware) version 21.3 \u00e0 21.19",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server (Unified Audit) version 23.4 \u00e0 23.9",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server (RDBMS) version 23.4 \u00e0 23.9",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server (Java VM) version 19.3 \u00e0 19.28",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server (SQLcl) version 23.4 \u00e0 23.9",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server (RDBMS Functional Index) version 23.4 \u00e0 23.9",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server (Portable Clusterware) version 19.3 \u00e0 19.28",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server (Java VM) version 23.4 \u00e0 23.9",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server (Java VM) version 21.3 \u00e0 21.19",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server (RDBMS) version 21.3 \u00e0 21.19",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server (Portable Clusterware) version 23.4 \u00e0 23.9",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-61749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61749"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2025-53051",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53051"
},
{
"name": "CVE-2025-1795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2024-12254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12254"
},
{
"name": "CVE-2025-4949",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4949"
},
{
"name": "CVE-2025-53047",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53047"
},
{
"name": "CVE-2025-61881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61881"
},
{
"name": "CVE-2024-6923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6923"
},
{
"name": "CVE-2024-8088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8088"
}
],
"initial_release_date": "2025-10-22T00:00:00",
"last_revision_date": "2025-10-22T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0905",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Database Server. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Database Server",
"vendor_advisories": [
{
"published_at": "2025-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 Oracle Database Server cpuoct2025",
"url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
}
]
}
CERTFR-2025-AVI-0622
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits VMware. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu Platform | Tanzu Platform versions 4.0.x antérieures à 4.0.38+LTS-T pour Cloud Foundry Windows | ||
| VMware | Tanzu Platform | Tanzu Platform versions 10.0.x antérieures à 10.0.8 pour Cloud Foundry Windows | ||
| VMware | N/A | Stemcells sans le dernier correctif de sécurité | ||
| VMware | Tanzu Platform | Tanzu Platform versions 4.0.x antérieures à 4.0.38+LTS-T pour Cloud Foundry | ||
| VMware | Tanzu Platform | Tanzu Platform versions 6.0.x antérieures à 6.0.18+LTS-T pour Cloud Foundry Windows | ||
| VMware | Tanzu | Anti-Virus sans le dernier correctif de sécurité pour Tanzu version 2.4.0 | ||
| VMware | Tanzu | Scheduler sans le dernier correctif de sécurité pour Tanzu version 2.0.19 | ||
| VMware | Tanzu Platform | Tanzu Platform versions 6.0.x antérieures à 6.0.18+LTS-T pour Cloud Foundry | ||
| VMware | Tanzu Platform | GenAI sans le dernier correctif de sécurité pour Tanzu Platform pour Cloud Foundry version 10.2.1 | ||
| VMware | Tanzu Application Service | Tanzu Application Service versions antérieures à 1.16.11 | ||
| VMware | Tanzu Platform | Tanzu Platform versions 10.2.x antérieures à 10.2.1+LTS-T pour Cloud Foundry isolation segment | ||
| VMware | Tanzu Platform | Tanzu Platform versions 10.0.x antérieures à 10.0.8 pour Cloud Foundry isolation segment | ||
| VMware | Tanzu | Spring Cloud Services sans le dernier correctif de sécurité pour Tanzu version 3.3.8 | ||
| VMware | Tanzu Platform | Tanzu Platform versions 10.0.x antérieures à 10.0.8 pour Cloud Foundry | ||
| VMware | Tanzu Platform | Tanzu Platform versions 4.0.x antérieures à 4.0.38+LTS-T pour Cloud Foundry isolation segment | ||
| VMware | Tanzu | Spring Cloud Data Flow sans le dernier correctif de sécurité pour Tanzu version 1.14.7 | ||
| VMware | Tanzu Platform | Tanzu Platform versions 6.0.x antérieures à 6.0.18+LTS-T pour Cloud Foundry isolation segment | ||
| VMware | Tanzu Platform | Tanzu Platform versions 10.2.x antérieures à 10.2.1+LTS-T pour Cloud Foundry | ||
| VMware | Tanzu Application Service | Single Sign-On sans le dernier correctif de sécurité pour Tanzu Application Service version 1.16.11 | ||
| VMware | Tanzu | File Integrity Monitoring sans le dernier correctif de sécurité pour Tanzu version 2.1.47 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tanzu Platform versions 4.0.x ant\u00e9rieures \u00e0 4.0.38+LTS-T pour Cloud Foundry Windows",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 10.0.x ant\u00e9rieures \u00e0 10.0.8 pour Cloud Foundry Windows",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 4.0.x ant\u00e9rieures \u00e0 4.0.38+LTS-T pour Cloud Foundry",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 6.0.x ant\u00e9rieures \u00e0 6.0.18+LTS-T pour Cloud Foundry Windows",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Anti-Virus sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu version 2.4.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Scheduler sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu version 2.0.19",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 6.0.x ant\u00e9rieures \u00e0 6.0.18+LTS-T pour Cloud Foundry",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "GenAI sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu Platform pour Cloud Foundry version 10.2.1",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Application Service versions ant\u00e9rieures \u00e0 1.16.11",
"product": {
"name": "Tanzu Application Service",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 10.2.x ant\u00e9rieures \u00e0 10.2.1+LTS-T pour Cloud Foundry isolation segment",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 10.0.x ant\u00e9rieures \u00e0 10.0.8 pour Cloud Foundry isolation segment",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Spring Cloud Services sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu version 3.3.8",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 10.0.x ant\u00e9rieures \u00e0 10.0.8 pour Cloud Foundry",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 4.0.x ant\u00e9rieures \u00e0 4.0.38+LTS-T pour Cloud Foundry isolation segment",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Spring Cloud Data Flow sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu version 1.14.7",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 6.0.x ant\u00e9rieures \u00e0 6.0.18+LTS-T pour Cloud Foundry isolation segment",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 10.2.x ant\u00e9rieures \u00e0 10.2.1+LTS-T pour Cloud Foundry",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Single Sign-On sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu Application Service version 1.16.11",
"product": {
"name": "Tanzu Application Service",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "File Integrity Monitoring sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu version 2.1.47",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-6395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
},
{
"name": "CVE-2022-1343",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1343"
},
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2021-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3996"
},
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"name": "CVE-2022-35252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
},
{
"name": "CVE-2022-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
},
{
"name": "CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"name": "CVE-2023-40217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
},
{
"name": "CVE-2025-21975",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21975"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2024-46821",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46821"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2024-9681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
},
{
"name": "CVE-2024-11168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11168"
},
{
"name": "CVE-2025-39728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39728"
},
{
"name": "CVE-2023-28755",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28755"
},
{
"name": "CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"name": "CVE-2023-46218",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
},
{
"name": "CVE-2025-25186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25186"
},
{
"name": "CVE-2023-28841",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28841"
},
{
"name": "CVE-2022-49728",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49728"
},
{
"name": "CVE-2023-28840",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28840"
},
{
"name": "CVE-2025-22025",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22025"
},
{
"name": "CVE-2022-27191",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27191"
},
{
"name": "CVE-2023-33201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2022-27781",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27781"
},
{
"name": "CVE-2020-36843",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36843"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2025-21941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21941"
},
{
"name": "CVE-2025-3445",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3445"
},
{
"name": "CVE-2025-41234",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41234"
},
{
"name": "CVE-2020-15250",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15250"
},
{
"name": "CVE-2024-45339",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45339"
},
{
"name": "CVE-2023-53034",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53034"
},
{
"name": "CVE-2023-29404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
},
{
"name": "CVE-2025-23138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23138"
},
{
"name": "CVE-2024-56664",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56664"
},
{
"name": "CVE-2025-38152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38152"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2024-36945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36945"
},
{
"name": "CVE-2022-0563",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0563"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2025-22021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22021"
},
{
"name": "CVE-2022-24921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
},
{
"name": "CVE-2022-32208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
},
{
"name": "CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"name": "CVE-2025-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27219"
},
{
"name": "CVE-2025-49146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49146"
},
{
"name": "CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"name": "CVE-2024-46787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46787"
},
{
"name": "CVE-2023-45283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45283"
},
{
"name": "CVE-2024-47611",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47611"
},
{
"name": "CVE-2024-21068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21068"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2023-3817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
},
{
"name": "CVE-2024-6232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
},
{
"name": "CVE-2025-22050",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22050"
},
{
"name": "CVE-2024-50047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50047"
},
{
"name": "CVE-2025-39735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39735"
},
{
"name": "CVE-2022-41725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
},
{
"name": "CVE-2025-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
},
{
"name": "CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2025-37798",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37798"
},
{
"name": "CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"name": "CVE-2024-21012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21012"
},
{
"name": "CVE-2024-9287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
},
{
"name": "CVE-2025-22004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22004"
},
{
"name": "CVE-2022-32207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2022-41722",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41722"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-36632",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
},
{
"name": "CVE-2022-25647",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2024-56171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
},
{
"name": "CVE-2023-45285",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45285"
},
{
"name": "CVE-2024-46812",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46812"
},
{
"name": "CVE-2024-24579",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24579"
},
{
"name": "CVE-2024-24783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24783"
},
{
"name": "CVE-2023-45284",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45284"
},
{
"name": "CVE-2023-29403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29403"
},
{
"name": "CVE-2022-27776",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27776"
},
{
"name": "CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"name": "CVE-2022-42916",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42916"
},
{
"name": "CVE-2022-28948",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28948"
},
{
"name": "CVE-2024-38819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38819"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2022-31030",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31030"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2024-13176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
},
{
"name": "CVE-2023-2253",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2253"
},
{
"name": "CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"name": "CVE-2025-37937",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37937"
},
{
"name": "CVE-2023-29405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
},
{
"name": "CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2023-5363",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
},
{
"name": "CVE-2023-33202",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33202"
},
{
"name": "CVE-2024-35255",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35255"
},
{
"name": "CVE-2024-24557",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24557"
},
{
"name": "CVE-2023-45289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45289"
},
{
"name": "CVE-2024-53144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53144"
},
{
"name": "CVE-2022-2068",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
},
{
"name": "CVE-2025-21613",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21613"
},
{
"name": "CVE-2025-38637",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38637"
},
{
"name": "CVE-2025-22055",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22055"
},
{
"name": "CVE-2024-34447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
},
{
"name": "CVE-2024-12798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
},
{
"name": "CVE-2023-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
},
{
"name": "CVE-2025-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
},
{
"name": "CVE-2025-5372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5372"
},
{
"name": "CVE-2022-27782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27782"
},
{
"name": "CVE-2022-32149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32149"
},
{
"name": "CVE-2023-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
},
{
"name": "CVE-2024-0406",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0406"
},
{
"name": "CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"name": "CVE-2022-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
},
{
"name": "CVE-2025-49125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49125"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2025-48060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48060"
},
{
"name": "CVE-2024-6104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6104"
},
{
"name": "CVE-2022-49636",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49636"
},
{
"name": "CVE-2025-4877",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4877"
},
{
"name": "CVE-2023-45290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
},
{
"name": "CVE-2023-28320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28320"
},
{
"name": "CVE-2024-4030",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4030"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2025-22035",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22035"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2024-58093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58093"
},
{
"name": "CVE-2024-34158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2024-28180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28180"
},
{
"name": "CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2025-30691",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30691"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2025-21959",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21959"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2022-43552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43552"
},
{
"name": "CVE-2025-5915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5915"
},
{
"name": "CVE-2025-46727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46727"
},
{
"name": "CVE-2025-5917",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5917"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2022-3786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
},
{
"name": "CVE-2025-37889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37889"
},
{
"name": "CVE-2021-3995",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3995"
},
{
"name": "CVE-2025-21981",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21981"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2023-28319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28319"
},
{
"name": "CVE-2022-22576",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22576"
},
{
"name": "CVE-2025-22014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22014"
},
{
"name": "CVE-2024-29018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29018"
},
{
"name": "CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"name": "CVE-2024-11053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
},
{
"name": "CVE-2024-7264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
},
{
"name": "CVE-2025-32462",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32462"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2025-1795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
},
{
"name": "CVE-2025-21996",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21996"
},
{
"name": "CVE-2023-23915",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23915"
},
{
"name": "CVE-2025-23136",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23136"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2025-37785",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37785"
},
{
"name": "CVE-2023-39318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
},
{
"name": "CVE-2025-21957",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21957"
},
{
"name": "CVE-2024-40635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40635"
},
{
"name": "CVE-2022-41720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41720"
},
{
"name": "CVE-2025-21999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21999"
},
{
"name": "CVE-2022-41716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41716"
},
{
"name": "CVE-2025-21992",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21992"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"name": "CVE-2025-5318",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
},
{
"name": "CVE-2025-22044",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22044"
},
{
"name": "CVE-2024-53051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53051"
},
{
"name": "CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"name": "CVE-2025-38575",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38575"
},
{
"name": "CVE-2025-22018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22018"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2025-21970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21970"
},
{
"name": "CVE-2025-22056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22056"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2023-28842",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28842"
},
{
"name": "CVE-2023-3978",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3978"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2022-27775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27775"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2024-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
},
{
"name": "CVE-2024-12801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
},
{
"name": "CVE-2024-3219",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3219"
},
{
"name": "CVE-2023-23914",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23914"
},
{
"name": "CVE-2022-36056",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36056"
},
{
"name": "CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2022-27774",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27774"
},
{
"name": "CVE-2023-25173",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25173"
},
{
"name": "CVE-2024-41909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41909"
},
{
"name": "CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"name": "CVE-2023-39319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2025-22005",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22005"
},
{
"name": "CVE-2025-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22045"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2024-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24785"
},
{
"name": "CVE-2022-36109",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36109"
},
{
"name": "CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2025-22010",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22010"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"name": "CVE-2024-53427",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53427"
},
{
"name": "CVE-2023-28321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28321"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2023-36617",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36617"
},
{
"name": "CVE-2023-33199",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33199"
},
{
"name": "CVE-2023-24536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24536"
},
{
"name": "CVE-2022-42915",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42915"
},
{
"name": "CVE-2022-32221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32221"
},
{
"name": "CVE-2025-27220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27220"
},
{
"name": "CVE-2022-24769",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24769"
},
{
"name": "CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"name": "CVE-2025-4878",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4878"
},
{
"name": "CVE-2025-32990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32990"
},
{
"name": "CVE-2023-30551",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30551"
},
{
"name": "CVE-2022-24675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
},
{
"name": "CVE-2025-22060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22060"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2025-21994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21994"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2024-9143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
},
{
"name": "CVE-2025-32989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32989"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2022-1271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1271"
},
{
"name": "CVE-2024-28085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28085"
},
{
"name": "CVE-2024-41110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41110"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2025-22066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22066"
},
{
"name": "CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"name": "CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"name": "CVE-2025-22007",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22007"
},
{
"name": "CVE-2023-24539",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24539"
},
{
"name": "CVE-2024-8805",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8805"
},
{
"name": "CVE-2023-6237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6237"
},
{
"name": "CVE-2025-38000",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38000"
},
{
"name": "CVE-2025-22071",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22071"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2023-25153",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25153"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2025-22075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22075"
},
{
"name": "CVE-2024-7592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
},
{
"name": "CVE-2025-48988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2022-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3996"
},
{
"name": "CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"name": "CVE-2022-32205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
},
{
"name": "CVE-2023-27534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27534"
},
{
"name": "CVE-2024-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
},
{
"name": "CVE-2023-24532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
},
{
"name": "CVE-2025-52434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52434"
},
{
"name": "CVE-2025-22097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22097"
},
{
"name": "CVE-2022-43551",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2023-27533",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27533"
},
{
"name": "CVE-2025-49124",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49124"
},
{
"name": "CVE-2024-0727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0727"
},
{
"name": "CVE-2023-6378",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6378"
},
{
"name": "CVE-2023-6129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
},
{
"name": "CVE-2022-35929",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35929"
},
{
"name": "CVE-2025-21956",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21956"
},
{
"name": "CVE-2025-37932",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37932"
},
{
"name": "CVE-2025-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37890"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2025-22020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22020"
},
{
"name": "CVE-2020-22916",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-22916"
},
{
"name": "CVE-2024-52587",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52587"
},
{
"name": "CVE-2025-5916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5916"
},
{
"name": "CVE-2023-29400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2025-32988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
},
{
"name": "CVE-2022-29173",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29173"
},
{
"name": "CVE-2024-24787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24787"
},
{
"name": "CVE-2024-38828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38828"
},
{
"name": "CVE-2025-27113",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27113"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"name": "CVE-2020-8908",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2024-0397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0397"
},
{
"name": "CVE-2022-30634",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30634"
},
{
"name": "CVE-2023-1255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1255"
},
{
"name": "CVE-2024-46753",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46753"
},
{
"name": "CVE-2025-4516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2022-3358",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3358"
},
{
"name": "CVE-2024-29902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29902"
},
{
"name": "CVE-2022-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
},
{
"name": "CVE-2023-24540",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
},
{
"name": "CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"name": "CVE-2024-8096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8096"
},
{
"name": "CVE-2025-47290",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47290"
},
{
"name": "CVE-2025-22063",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22063"
},
{
"name": "CVE-2025-38177",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38177"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2022-32206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
},
{
"name": "CVE-2024-50602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"name": "CVE-2025-38001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38001"
},
{
"name": "CVE-2023-24537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24537"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2024-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23337"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-22235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22235"
},
{
"name": "CVE-2024-27282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27282"
},
{
"name": "CVE-2023-45287",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45287"
},
{
"name": "CVE-2024-4741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2023-46737",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46737"
},
{
"name": "CVE-2023-40403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40403"
},
{
"name": "CVE-2022-30580",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30580"
},
{
"name": "CVE-2022-23471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23471"
},
{
"name": "CVE-2025-21963",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21963"
},
{
"name": "CVE-2024-42230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42230"
},
{
"name": "CVE-2023-24531",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24531"
},
{
"name": "CVE-2023-24538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24538"
},
{
"name": "CVE-2023-2975",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2975"
},
{
"name": "CVE-2025-37997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37997"
},
{
"name": "CVE-2025-24928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
},
{
"name": "CVE-2025-2312",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2312"
},
{
"name": "CVE-2025-53506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
},
{
"name": "CVE-2022-3602",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
},
{
"name": "CVE-2022-29804",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29804"
},
{
"name": "CVE-2025-0725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0725"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2022-1434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1434"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2025-21614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21614"
},
{
"name": "CVE-2025-22089",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22089"
},
{
"name": "CVE-2025-31650",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31650"
},
{
"name": "CVE-2024-4032",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4032"
},
{
"name": "CVE-2025-4949",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4949"
},
{
"name": "CVE-2023-39323",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39323"
},
{
"name": "CVE-2023-29402",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
},
{
"name": "CVE-2025-32955",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32955"
},
{
"name": "CVE-2023-39326",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39326"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2025-21502",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21502"
},
{
"name": "CVE-2025-22008",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22008"
},
{
"name": "CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"name": "CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"name": "CVE-2023-28756",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28756"
},
{
"name": "CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"name": "CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"name": "CVE-2023-24534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24534"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2024-38816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
},
{
"name": "CVE-2024-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
},
{
"name": "CVE-2025-22054",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22054"
},
{
"name": "CVE-2024-24786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
},
{
"name": "CVE-2025-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21968"
},
{
"name": "CVE-2025-21991",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21991"
},
{
"name": "CVE-2025-22086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22086"
},
{
"name": "CVE-2025-22073",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22073"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2024-29903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29903"
},
{
"name": "CVE-2025-4575",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4575"
},
{
"name": "CVE-2022-21698",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21698"
},
{
"name": "CVE-2025-32441",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32441"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"name": "CVE-2025-21962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21962"
},
{
"name": "CVE-2025-29786",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29786"
},
{
"name": "CVE-2024-24784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24784"
},
{
"name": "CVE-2022-27780",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27780"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2025-0167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
},
{
"name": "CVE-2025-22079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22079"
},
{
"name": "CVE-2023-6597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
},
{
"name": "CVE-2025-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27221"
},
{
"name": "CVE-2024-24789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
},
{
"name": "CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"name": "CVE-2016-1000027",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
},
{
"name": "CVE-2025-21964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21964"
},
{
"name": "CVE-2025-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22081"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
},
{
"name": "CVE-2023-23916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
},
{
"name": "CVE-2025-49014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49014"
},
{
"name": "CVE-2024-6923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6923"
},
{
"name": "CVE-2024-8088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8088"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0622",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-07-25T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35981",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35981"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35967",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35967"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35980",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35980"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35974",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35974"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35979",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35979"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35984",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35984"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35970",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35970"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35983",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35983"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35978",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35978"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35968",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35968"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35973",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35973"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35976",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35976"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35969",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35969"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35966",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35966"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35972",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35972"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35977",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35977"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35982",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35982"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35971",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35971"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35975",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35975"
}
]
}
FKIE_CVE-2025-4949
Vulnerability from fkie_nvd - Published: 2025-05-21 07:16 - Updated: 2026-01-05 18:11
Severity ?
Summary
In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity (XXE) attacks when parsing XML files. This vulnerability can lead to information disclosure, denial of service, and other security issues.
References
| URL | Tags | ||
|---|---|---|---|
| emo@eclipse.org | https://gitlab.eclipse.org/security/cve-assignement/-/issues/64 | Issue Tracking, Vendor Advisory | |
| emo@eclipse.org | https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281 | Exploit, Issue Tracking | |
| emo@eclipse.org | https://projects.eclipse.org/projects/technology.jgit/releases/5.13.4 | Release Notes | |
| emo@eclipse.org | https://projects.eclipse.org/projects/technology.jgit/releases/6.10.1 | Release Notes | |
| emo@eclipse.org | https://projects.eclipse.org/projects/technology.jgit/releases/7.0.1 | Release Notes | |
| emo@eclipse.org | https://projects.eclipse.org/projects/technology.jgit/releases/7.1.1 | Release Notes | |
| emo@eclipse.org | https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1 | Release Notes | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281 | Exploit, Issue Tracking |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:eclipse:jgit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA83AF58-95B9-4502-B31D-E4FDE3AE38B5",
"versionEndExcluding": "5.13.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:jgit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "564D2570-3C49-420B-A01D-0803E7EFD1CD",
"versionEndExcluding": "6.10.1.202505221210",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:jgit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3FEEF05C-0772-4BAF-A4AB-A87CFE32121C",
"versionEndExcluding": "7.0.1.202505221510",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:jgit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5B0B7A0-8785-4C21-96F8-98EDD7A23D50",
"versionEndExcluding": "7.1.1.202505221757",
"versionStartIncluding": "7.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:jgit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D70B5F8-067E-434D-8EC5-33301A264288",
"versionEndExcluding": "7.2.1.202505142326",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity (XXE) attacks when parsing XML files. This vulnerability can lead to information disclosure, denial of service, and other security issues."
},
{
"lang": "es",
"value": "En las versiones 7.2.0.202503040940-r y anteriores de Eclipse JGit, la clase ManifestParser, utilizada por el comando repo, y la clase AmazonS3, utilizada para implementar el protocolo experimental de transporte de Git amazons3, que permite almacenar archivos de paquetes de Git en un bucket de Amazon S3, son vulnerables a ataques de Entidad Externa XML (XXE) al analizar archivos XML. Esta vulnerabilidad puede provocar divulgaci\u00f3n de informaci\u00f3n, denegaci\u00f3n de servicio y otros problemas de seguridad."
}
],
"id": "CVE-2025-4949",
"lastModified": "2026-01-05T18:11:59.027",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:D/RE:L/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "LOW"
},
"source": "emo@eclipse.org",
"type": "Secondary"
}
]
},
"published": "2025-05-21T07:16:01.397",
"references": [
{
"source": "emo@eclipse.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64"
},
{
"source": "emo@eclipse.org",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281"
},
{
"source": "emo@eclipse.org",
"tags": [
"Release Notes"
],
"url": "https://projects.eclipse.org/projects/technology.jgit/releases/5.13.4"
},
{
"source": "emo@eclipse.org",
"tags": [
"Release Notes"
],
"url": "https://projects.eclipse.org/projects/technology.jgit/releases/6.10.1"
},
{
"source": "emo@eclipse.org",
"tags": [
"Release Notes"
],
"url": "https://projects.eclipse.org/projects/technology.jgit/releases/7.0.1"
},
{
"source": "emo@eclipse.org",
"tags": [
"Release Notes"
],
"url": "https://projects.eclipse.org/projects/technology.jgit/releases/7.1.1"
},
{
"source": "emo@eclipse.org",
"tags": [
"Release Notes"
],
"url": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281"
}
],
"sourceIdentifier": "emo@eclipse.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
},
{
"lang": "en",
"value": "CWE-827"
}
],
"source": "emo@eclipse.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
OPENSUSE-SU-2025:15232-1
Vulnerability from csaf_opensuse - Published: 2025-07-03 00:00 - Updated: 2025-07-03 00:00Summary
jgit-5.11.0-2.1 on GA media
Notes
Title of the patch
jgit-5.11.0-2.1 on GA media
Description of the patch
These are all security issues fixed in the jgit-5.11.0-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15232
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "jgit-5.11.0-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the jgit-5.11.0-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15232",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15232-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4759 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4759/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-4949 page",
"url": "https://www.suse.com/security/cve/CVE-2025-4949/"
}
],
"title": "jgit-5.11.0-2.1 on GA media",
"tracking": {
"current_release_date": "2025-07-03T00:00:00Z",
"generator": {
"date": "2025-07-03T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15232-1",
"initial_release_date": "2025-07-03T00:00:00Z",
"revision_history": [
{
"date": "2025-07-03T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "jgit-5.11.0-2.1.aarch64",
"product": {
"name": "jgit-5.11.0-2.1.aarch64",
"product_id": "jgit-5.11.0-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "jgit-javadoc-5.11.0-2.1.aarch64",
"product": {
"name": "jgit-javadoc-5.11.0-2.1.aarch64",
"product_id": "jgit-javadoc-5.11.0-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "jgit-5.11.0-2.1.ppc64le",
"product": {
"name": "jgit-5.11.0-2.1.ppc64le",
"product_id": "jgit-5.11.0-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "jgit-javadoc-5.11.0-2.1.ppc64le",
"product": {
"name": "jgit-javadoc-5.11.0-2.1.ppc64le",
"product_id": "jgit-javadoc-5.11.0-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "jgit-5.11.0-2.1.s390x",
"product": {
"name": "jgit-5.11.0-2.1.s390x",
"product_id": "jgit-5.11.0-2.1.s390x"
}
},
{
"category": "product_version",
"name": "jgit-javadoc-5.11.0-2.1.s390x",
"product": {
"name": "jgit-javadoc-5.11.0-2.1.s390x",
"product_id": "jgit-javadoc-5.11.0-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "jgit-5.11.0-2.1.x86_64",
"product": {
"name": "jgit-5.11.0-2.1.x86_64",
"product_id": "jgit-5.11.0-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "jgit-javadoc-5.11.0-2.1.x86_64",
"product": {
"name": "jgit-javadoc-5.11.0-2.1.x86_64",
"product_id": "jgit-javadoc-5.11.0-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jgit-5.11.0-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jgit-5.11.0-2.1.aarch64"
},
"product_reference": "jgit-5.11.0-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jgit-5.11.0-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jgit-5.11.0-2.1.ppc64le"
},
"product_reference": "jgit-5.11.0-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jgit-5.11.0-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jgit-5.11.0-2.1.s390x"
},
"product_reference": "jgit-5.11.0-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jgit-5.11.0-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jgit-5.11.0-2.1.x86_64"
},
"product_reference": "jgit-5.11.0-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jgit-javadoc-5.11.0-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jgit-javadoc-5.11.0-2.1.aarch64"
},
"product_reference": "jgit-javadoc-5.11.0-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jgit-javadoc-5.11.0-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jgit-javadoc-5.11.0-2.1.ppc64le"
},
"product_reference": "jgit-javadoc-5.11.0-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jgit-javadoc-5.11.0-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jgit-javadoc-5.11.0-2.1.s390x"
},
"product_reference": "jgit-javadoc-5.11.0-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jgit-javadoc-5.11.0-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jgit-javadoc-5.11.0-2.1.x86_64"
},
"product_reference": "jgit-javadoc-5.11.0-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4759",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4759"
}
],
"notes": [
{
"category": "general",
"text": "Arbitrary File Overwrite in Eclipse JGit \u003c= 6.6.0\n\nIn Eclipse JGit, all versions \u003c= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive filesystem, or when a checkout from a clone of such a repository is performed on a case-insensitive filesystem.\n\nThis can happen on checkout (DirCacheCheckout), merge (ResolveMerger via its WorkingTreeUpdater), pull (PullCommand using merge), and when applying a patch (PatchApplier). This can be exploited for remote code execution (RCE), for instance if the file written outside the working tree is a git filter that gets executed on a subsequent git command.\n\nThe issue occurs only on case-insensitive filesystems, like the default filesystems on Windows and macOS. The user performing the clone or checkout must have the rights to create symbolic links for the problem to occur, and symbolic links must be enabled in the git configuration.\n\nSetting git configuration option core.symlinks = false before checking out avoids the problem.\n\nThe issue was fixed in Eclipse JGit version 6.6.1.202309021850-r and 6.7.0.202309050840-r, available via Maven Central https://repo1.maven.org/maven2/org/eclipse/jgit/ and repo.eclipse.org https://repo.eclipse.org/content/repositories/jgit-releases/ . A backport is available in 5.13.3 starting from 5.13.3.202401111512-r.\n\n\nThe JGit maintainers would like to thank RyotaK for finding and reporting this issue.\n\n\n\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jgit-5.11.0-2.1.aarch64",
"openSUSE Tumbleweed:jgit-5.11.0-2.1.ppc64le",
"openSUSE Tumbleweed:jgit-5.11.0-2.1.s390x",
"openSUSE Tumbleweed:jgit-5.11.0-2.1.x86_64",
"openSUSE Tumbleweed:jgit-javadoc-5.11.0-2.1.aarch64",
"openSUSE Tumbleweed:jgit-javadoc-5.11.0-2.1.ppc64le",
"openSUSE Tumbleweed:jgit-javadoc-5.11.0-2.1.s390x",
"openSUSE Tumbleweed:jgit-javadoc-5.11.0-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4759",
"url": "https://www.suse.com/security/cve/CVE-2023-4759"
},
{
"category": "external",
"summary": "SUSE Bug 1215298 for CVE-2023-4759",
"url": "https://bugzilla.suse.com/1215298"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jgit-5.11.0-2.1.aarch64",
"openSUSE Tumbleweed:jgit-5.11.0-2.1.ppc64le",
"openSUSE Tumbleweed:jgit-5.11.0-2.1.s390x",
"openSUSE Tumbleweed:jgit-5.11.0-2.1.x86_64",
"openSUSE Tumbleweed:jgit-javadoc-5.11.0-2.1.aarch64",
"openSUSE Tumbleweed:jgit-javadoc-5.11.0-2.1.ppc64le",
"openSUSE Tumbleweed:jgit-javadoc-5.11.0-2.1.s390x",
"openSUSE Tumbleweed:jgit-javadoc-5.11.0-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jgit-5.11.0-2.1.aarch64",
"openSUSE Tumbleweed:jgit-5.11.0-2.1.ppc64le",
"openSUSE Tumbleweed:jgit-5.11.0-2.1.s390x",
"openSUSE Tumbleweed:jgit-5.11.0-2.1.x86_64",
"openSUSE Tumbleweed:jgit-javadoc-5.11.0-2.1.aarch64",
"openSUSE Tumbleweed:jgit-javadoc-5.11.0-2.1.ppc64le",
"openSUSE Tumbleweed:jgit-javadoc-5.11.0-2.1.s390x",
"openSUSE Tumbleweed:jgit-javadoc-5.11.0-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-4759"
},
{
"cve": "CVE-2025-4949",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-4949"
}
],
"notes": [
{
"category": "general",
"text": "In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity (XXE) attacks when parsing XML files. This vulnerability can lead to information disclosure, denial of service, and other security issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jgit-5.11.0-2.1.aarch64",
"openSUSE Tumbleweed:jgit-5.11.0-2.1.ppc64le",
"openSUSE Tumbleweed:jgit-5.11.0-2.1.s390x",
"openSUSE Tumbleweed:jgit-5.11.0-2.1.x86_64",
"openSUSE Tumbleweed:jgit-javadoc-5.11.0-2.1.aarch64",
"openSUSE Tumbleweed:jgit-javadoc-5.11.0-2.1.ppc64le",
"openSUSE Tumbleweed:jgit-javadoc-5.11.0-2.1.s390x",
"openSUSE Tumbleweed:jgit-javadoc-5.11.0-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-4949",
"url": "https://www.suse.com/security/cve/CVE-2025-4949"
},
{
"category": "external",
"summary": "SUSE Bug 1243647 for CVE-2025-4949",
"url": "https://bugzilla.suse.com/1243647"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jgit-5.11.0-2.1.aarch64",
"openSUSE Tumbleweed:jgit-5.11.0-2.1.ppc64le",
"openSUSE Tumbleweed:jgit-5.11.0-2.1.s390x",
"openSUSE Tumbleweed:jgit-5.11.0-2.1.x86_64",
"openSUSE Tumbleweed:jgit-javadoc-5.11.0-2.1.aarch64",
"openSUSE Tumbleweed:jgit-javadoc-5.11.0-2.1.ppc64le",
"openSUSE Tumbleweed:jgit-javadoc-5.11.0-2.1.s390x",
"openSUSE Tumbleweed:jgit-javadoc-5.11.0-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jgit-5.11.0-2.1.aarch64",
"openSUSE Tumbleweed:jgit-5.11.0-2.1.ppc64le",
"openSUSE Tumbleweed:jgit-5.11.0-2.1.s390x",
"openSUSE Tumbleweed:jgit-5.11.0-2.1.x86_64",
"openSUSE Tumbleweed:jgit-javadoc-5.11.0-2.1.aarch64",
"openSUSE Tumbleweed:jgit-javadoc-5.11.0-2.1.ppc64le",
"openSUSE Tumbleweed:jgit-javadoc-5.11.0-2.1.s390x",
"openSUSE Tumbleweed:jgit-javadoc-5.11.0-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-4949"
}
]
}
NCSC-2025-0328
Vulnerability from csaf_ncscnl - Published: 2025-10-23 07:19 - Updated: 2025-10-23 07:19Summary
Kwetsbaarheden verholpen in Oracle Database producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft kwetsbaarheden verholpen in Oracle Database Server producten
Interpretaties
De kwetsbaarheden in Oracle Database Server stellen ongeauthenticeerde aanvallers in staat om ongeoorloofde toegang te verkrijgen tot kritieke gegevens, wat kan leiden tot schending van de vertrouwelijkheid, integriteit en beschikbaarheid van de data. Specifieke kwetsbaarheden, zoals die in de Portable Clusterware en de Unified Audit componenten, kunnen worden misbruikt door aanvallers met beperkte privileges, wat aanzienlijke risico's met zich meebrengt. De CVSS-scores variëren van 2.7 tot 9.8, afhankelijk van de ernst van de kwetsbaarheid.
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-20
Improper Input Validation
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-125
Out-of-bounds Read
CWE-190
Integer Overflow or Wraparound
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-284
Improper Access Control
CWE-404
Improper Resource Shutdown or Release
CWE-502
Deserialization of Untrusted Data
CWE-611
Improper Restriction of XML External Entity Reference
CWE-674
Uncontrolled Recursion
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-827
Improper Control of Document Type Definition
CWE-937
CWE-937
CWE-1035
CWE-1035
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in Oracle Database Server producten",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden in Oracle Database Server stellen ongeauthenticeerde aanvallers in staat om ongeoorloofde toegang te verkrijgen tot kritieke gegevens, wat kan leiden tot schending van de vertrouwelijkheid, integriteit en beschikbaarheid van de data. Specifieke kwetsbaarheden, zoals die in de Portable Clusterware en de Unified Audit componenten, kunnen worden misbruikt door aanvallers met beperkte privileges, wat aanzienlijke risico\u0027s met zich meebrengt. De CVSS-scores vari\u00ebren van 2.7 tot 9.8, afhankelijk van de ernst van de kwetsbaarheid.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Improper Control of Document Type Definition",
"title": "CWE-827"
},
{
"category": "general",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "general",
"text": "CWE-1035",
"title": "CWE-1035"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/docs/tech/security-alerts/cpuoct2025csaf.json"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Database producten",
"tracking": {
"current_release_date": "2025-10-23T07:19:57.652532Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2025-0328",
"initial_release_date": "2025-10-23T07:19:57.652532Z",
"revision_history": [
{
"date": "2025-10-23T07:19:57.652532Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Clusterware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Database Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Essbase"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "Essbase Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "GoldenGate Big Data and Application Adapters"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "GoldenGate Stream Analytics"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "GoldenGate for Big Data"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "Goldengate Application Adapters"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": "Goldengate Big Data"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-10"
}
}
],
"category": "product_name",
"name": "Goldengate Veridata"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-11"
}
}
],
"category": "product_name",
"name": "Graph Server And Client"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-12"
}
}
],
"category": "product_name",
"name": "Java Virtual Machine"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-13"
}
}
],
"category": "product_name",
"name": "REST Data Services"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-14"
}
}
],
"category": "product_name",
"name": "SQLcl"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13956",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "description",
"text": "Recent updates address vulnerabilities in various Oracle applications and Apache HttpComponents, with several rated as high risk, allowing potential remote exploitation affecting data integrity and system security.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-13956 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2020/cve-2020-13956.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
}
],
"title": "CVE-2020-13956"
},
{
"cve": "CVE-2024-52577",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "description",
"text": "Critical vulnerabilities in Oracle GoldenGate Stream Analytics and Apache Ignite could allow unauthenticated access and arbitrary code execution, respectively, with severe implications for system integrity and security.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-52577 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-52577.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
}
],
"title": "CVE-2024-52577"
},
{
"cve": "CVE-2024-57699",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple security vulnerabilities across various Oracle products and the Netplex Json-smart library can lead to Denial of Service (DoS) due to stack exhaustion and other exploits, affecting versions 2.5.0 to 2.5.1 and specific Oracle software.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-57699 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-57699.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
}
],
"title": "CVE-2024-57699"
},
{
"cve": "CVE-2025-4517",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "description",
"text": "Recent updates to Python versions 3.6 through 3.13.5 address multiple security vulnerabilities, particularly in the tarfile module, while enhancing various functionalities and resolving issues related to memory management and IPv6 handling.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-4517 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4517.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
}
],
"title": "CVE-2025-4517"
},
{
"cve": "CVE-2025-4949",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "other",
"text": "Improper Control of Document Type Definition",
"title": "CWE-827"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Database Server\u0027s SQLcl component and Eclipse JGit versions expose critical data to unauthorized access and denial of service through XML parsing flaws and require user interaction for exploitation.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/S:N/AU:Y/R:U/V:D/RE:L/U:Green",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-4949 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4949.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
}
],
"title": "CVE-2025-4949"
},
{
"cve": "CVE-2025-8885",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities in the Bouncy Castle Java library and Oracle GoldenGate products allow for excessive resource allocation and denial of service, affecting various versions and potentially leading to significant disruptions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-8885 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-8885.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
}
],
"title": "CVE-2025-8885"
},
{
"cve": "CVE-2025-8916",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Bouncy Castle for Java and BCPKIX FIPS have a vulnerability allowing excessive resource allocation, while Oracle Communications Cloud Native Core Certificate Management and certain NetApp products face denial of service risks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-8916 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-8916.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
}
],
"title": "CVE-2025-8916"
},
{
"cve": "CVE-2025-48976",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities affecting Oracle Application Testing Suite and Apache Commons FileUpload, including DoS risks due to insufficient multipart header limits, have been identified, with CVSS scores reaching 7.5.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48976 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48976.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
}
],
"title": "CVE-2025-48976"
},
{
"cve": "CVE-2025-52520",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "description",
"text": "Apache Tomcat versions 11.0.0-M1 to 11.0.8, 10.1.0-M1 to 10.1.42, and 9.0.0.M1 to 9.0.106 are vulnerable to Denial of Service due to an Integer Overflow vulnerability, while Oracle Graph Server versions 24.4.3 and 25.3.0 also exhibit a similar flaw.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-52520 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-52520.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
}
],
"title": "CVE-2025-52520"
},
{
"cve": "CVE-2025-53047",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "description",
"text": "A vulnerability in Oracle Database Server\u0027s Portable Clusterware component affects specific versions, allowing unauthenticated network attackers to access certain data, with a CVSS score of 5.8 indicating confidentiality impacts.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53047 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53047.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
}
],
"title": "CVE-2025-53047"
},
{
"cve": "CVE-2025-53051",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "A vulnerability in Oracle Database Server\u0027s RDBMS Functional Index component (versions 23.4-23.9) allows high-privileged SYSDBA attackers to potentially gain unauthorized read access to certain data, with a CVSS 3.1 Base Score of 2.7.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53051 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53051.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
}
],
"title": "CVE-2025-53051"
},
{
"cve": "CVE-2025-53864",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle GoldenGate and Connect2id Nimbus JOSE + JWT expose systems to denial of service attacks, with CVSS scores indicating significant availability impacts due to issues with deeply nested JSON objects.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53864 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53864.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
}
],
"title": "CVE-2025-53864"
},
{
"cve": "CVE-2025-61749",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "A vulnerability in Oracle Database Server\u0027s Unified Audit component (versions 23.4-23.9) allows high-privileged DBA attackers to compromise audit integrity, with a CVSS 3.1 Base Score of 2.7.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61749 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61749.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
}
],
"title": "CVE-2025-61749"
},
{
"cve": "CVE-2025-61763",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "A vulnerability in Oracle Essbase version 21.7.3.0.0 allows low-privileged attackers with HTTP access to compromise the system, posing significant risks to data integrity and confidentiality with a CVSS score of 8.1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61763 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61763.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
}
],
"title": "CVE-2025-61763"
},
{
"cve": "CVE-2025-61881",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "A vulnerability in the Java VM component of Oracle Database Server allows unauthenticated network attackers to compromise the Java VM, potentially leading to unauthorized data manipulation, with a CVSS 3.1 Base Score of 5.9.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61881 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61881.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14"
]
}
],
"title": "CVE-2025-61881"
}
]
}
NCSC-2026-0027
Vulnerability from csaf_ncscnl - Published: 2026-01-21 10:08 - Updated: 2026-01-21 10:08Summary
Kwetsbaarheden verholpen in Oracle Fusion Middleware
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft kwetsbaarheden verholpen in verschillende producten, waaronder Oracle HTTP Server, Oracle WebLogic Server, en Oracle Fusion Middleware.
Interpretaties
De kwetsbaarheden in de Oracle producten stellen ongeauthenticeerde aanvallers in staat om toegang te krijgen tot gevoelige gegevens, Denial-of-Service (DoS) aanvallen uit te voeren, en de integriteit van systemen te compromitteren. Specifieke kwetsbaarheden omvatten onjuist beheer van HTTP-headers, ongecontroleerde recursie, en onvoldoende bufferbeperkingen, wat kan leiden tot systeemcrashes en gegevensverlies.
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-20
Improper Input Validation
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE-113
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
CWE-117
Improper Output Neutralization for Logs
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-122
Heap-based Buffer Overflow
CWE-125
Out-of-bounds Read
CWE-150
Improper Neutralization of Escape, Meta, or Control Sequences
CWE-209
Generation of Error Message Containing Sensitive Information
CWE-252
Unchecked Return Value
CWE-284
Improper Access Control
CWE-285
Improper Authorization
CWE-289
Authentication Bypass by Alternate Name
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-400
Uncontrolled Resource Consumption
CWE-404
Improper Resource Shutdown or Release
CWE-457
Use of Uninitialized Variable
CWE-476
NULL Pointer Dereference
CWE-611
Improper Restriction of XML External Entity Reference
CWE-674
Uncontrolled Recursion
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-787
Out-of-bounds Write
CWE-827
Improper Control of Document Type Definition
CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CWE-863
Incorrect Authorization
CWE-918
Server-Side Request Forgery (SSRF)
CWE-937
CWE-937
CWE-1035
CWE-1035
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in verschillende producten, waaronder Oracle HTTP Server, Oracle WebLogic Server, en Oracle Fusion Middleware.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden in de Oracle producten stellen ongeauthenticeerde aanvallers in staat om toegang te krijgen tot gevoelige gegevens, Denial-of-Service (DoS) aanvallen uit te voeren, en de integriteit van systemen te compromitteren. Specifieke kwetsbaarheden omvatten onjuist beheer van HTTP-headers, ongecontroleerde recursie, en onvoldoende bufferbeperkingen, wat kan leiden tot systeemcrashes en gegevensverlies.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "general",
"text": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)",
"title": "CWE-113"
},
{
"category": "general",
"text": "Improper Output Neutralization for Logs",
"title": "CWE-117"
},
{
"category": "general",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences",
"title": "CWE-150"
},
{
"category": "general",
"text": "Generation of Error Message Containing Sensitive Information",
"title": "CWE-209"
},
{
"category": "general",
"text": "Unchecked Return Value",
"title": "CWE-252"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "general",
"text": "Authentication Bypass by Alternate Name",
"title": "CWE-289"
},
{
"category": "general",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Use of Uninitialized Variable",
"title": "CWE-457"
},
{
"category": "general",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "general",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Improper Control of Document Type Definition",
"title": "CWE-827"
},
{
"category": "general",
"text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"title": "CWE-843"
},
{
"category": "general",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "general",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "general",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "general",
"text": "CWE-1035",
"title": "CWE-1035"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Fusion Middleware",
"tracking": {
"current_release_date": "2026-01-21T10:08:59.379774Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0027",
"initial_release_date": "2026-01-21T10:08:59.379774Z",
"revision_history": [
{
"date": "2026-01-21T10:08:59.379774Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Data Integrator"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Fusion Middleware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Identity Manager Connector"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "Managed File Transfer"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "Oracle Business Process Management Suite"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "Oracle Coherence"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "Oracle Global Lifecycle Management NextGen OUI Framework"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "Oracle HTTP Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": "Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-10"
}
}
],
"category": "product_name",
"name": "Oracle Identity Manager"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-11"
}
}
],
"category": "product_name",
"name": "Oracle Outside In Technology"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-12"
}
}
],
"category": "product_name",
"name": "Oracle SOA Suite"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-13"
}
}
],
"category": "product_name",
"name": "Oracle Security Service"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-14"
}
}
],
"category": "product_name",
"name": "Oracle Service Bus"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-15"
}
}
],
"category": "product_name",
"name": "Oracle Unified Directory"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-16"
}
}
],
"category": "product_name",
"name": "Oracle WebCenter Enterprise Capture"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-17"
}
}
],
"category": "product_name",
"name": "Oracle WebLogic Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-18"
}
}
],
"category": "product_name",
"name": "Oracle Weblogic Server Proxy Plug-in"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-19"
}
}
],
"category": "product_name",
"name": "Service Delivery Platform"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-20"
}
}
],
"category": "product_name",
"name": "WebCenter Sites"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-45105",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Apache Log4j, Oracle products, and various dependencies expose systems to denial-of-service and remote code execution risks, necessitating updates to secure versions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-45105 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2021/cve-2021-45105.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2021-45105"
},
{
"cve": "CVE-2022-41342",
"notes": [
{
"category": "description",
"text": "Recent vulnerabilities in Oracle products, including the Oracle HTTP Server and Database, allow for potential privilege escalation, remote code execution, and denial of service, with varying CVSS scores indicating significant risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-41342 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-41342.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2022-41342"
},
{
"cve": "CVE-2024-13009",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle JD Edwards, Oracle Middleware, Eclipse Jetty, HPE Telco IP Mediation, and SAP Commerce Cloud expose systems to unauthorized access and data corruption, with CVSS scores reaching 7.2.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-13009 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-13009.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2024-13009"
},
{
"cve": "CVE-2024-42516",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)",
"title": "CWE-113"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Apache HTTP Server and Oracle HTTP Server, including CVE-2023-38709 and CVE-2024-42516, expose systems to risks such as HTTP response splitting, SSRF, and unauthorized access.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-42516 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-42516.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2024-42516"
},
{
"cve": "CVE-2024-43204",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "description",
"text": "Apache HTTP Server versions prior to 2.4.64 are vulnerable to multiple security issues, including SSRF and HTTP response splitting, affecting mod_proxy and mod_headers configurations, with critical vulnerabilities also identified in Oracle HTTP Server.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-43204 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-43204.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2024-43204"
},
{
"cve": "CVE-2024-47252",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Escape, Meta, or Control Sequences",
"title": "CWE-150"
},
{
"category": "other",
"text": "Improper Output Neutralization for Logs",
"title": "CWE-117"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Apache HTTP Server versions 2.4.63 and earlier, including insufficient escaping in mod_ssl, allow untrusted clients to compromise log integrity and potentially lead to unauthorized access and denial of service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47252 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-47252.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2024-47252"
},
{
"cve": "CVE-2024-47554",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Middleware, Documaker, and Apache Commons IO allow for denial of service attacks, with CVSS scores ranging from 4.3 to 7.5, affecting various versions of these products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47554 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-47554.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2024-47554"
},
{
"cve": "CVE-2024-56406",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Oracle Fusion Middleware and Perl, including heap buffer overflows and denial of service risks, affect various versions, with CVSS scores indicating significant severity.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-56406 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-56406.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2024-56406"
},
{
"cve": "CVE-2025-4949",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "other",
"text": "Improper Control of Document Type Definition",
"title": "CWE-827"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Database Server, Oracle Fusion Middleware, and Eclipse JGit expose systems to unauthorized access, severe impacts, and information disclosure through various attack vectors.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/S:N/AU:Y/R:U/V:D/RE:L/U:Green",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-4949 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4949.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-4949"
},
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities, including the \u0027MadeYouReset\u0027 attack in HTTP/2 and unauthenticated issues in Oracle products, can lead to denial of service across various platforms such as Eclipse Jetty and SAP Commerce Cloud.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5115 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5115.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-5115"
},
{
"cve": "CVE-2025-12383",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Oracle Database Server versions 23.4.0-23.26.0 have a vulnerability in the Fleet Patching and Provisioning component, while Eclipse Jersey versions 2.45, 3.0.16, and 3.1.9 may ignore critical SSL configurations due to a race condition.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-12383 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-12383.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-12383"
},
{
"cve": "CVE-2025-23048",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Apache HTTP Server versions 2.4.35 to 2.4.63 and Oracle HTTP Server allow unauthorized access, data modification, and denial of service, particularly through TLS session resumption and other exploit vectors.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-23048 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-23048.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-23048"
},
{
"cve": "CVE-2025-26333",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"notes": [
{
"category": "other",
"text": "Generation of Error Message Containing Sensitive Information",
"title": "CWE-209"
},
{
"category": "description",
"text": "Oracle Database Server and Oracle GoldenGate have Security-in-Depth issues related to Dell BSAFE Crypto-J, which cannot be exploited within their respective contexts, although error messages may expose sensitive information.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-26333 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-26333.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-26333"
},
{
"cve": "CVE-2025-31672",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified across various Oracle and Apache POI products, including improper input validation and unauthorized data access, affecting versions 5.4.0 and earlier, with CVSS scores of 5.3.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-31672 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-31672.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-31672"
},
{
"cve": "CVE-2025-41248",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"notes": [
{
"category": "other",
"text": "Authentication Bypass by Alternate Name",
"title": "CWE-289"
},
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Financial Services Model Management and Spring Framework versions expose critical data and may lead to authorization bypass, with significant confidentiality impacts.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-41248 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41248.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-41248"
},
{
"cve": "CVE-2025-41249",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"notes": [
{
"category": "other",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle Financial Services and Retail products, as well as the Spring Framework, allowing unauthorized access to sensitive data and potentially leading to information disclosure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-41249 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41249.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-41249"
},
{
"cve": "CVE-2025-43967",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "description",
"text": "Oracle Hyperion Financial Reporting (version 11.2.23) has a denial of service vulnerability (CVSS 7.5), while libheif library versions prior to 1.19.6 have a NULL pointer dereference issue in the ImageItem_Grid::get_decoder function.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43967 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43967.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-43967"
},
{
"cve": "CVE-2025-48924",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48924 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-48976",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple denial-of-service vulnerabilities have been identified in Oracle Application Testing Suite, Oracle Agile PLM, Apache Commons FileUpload, and HPE IceWall Identity Manager, with CVSS scores of 7.5 for some products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48976 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48976.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-48976"
},
{
"cve": "CVE-2025-49796",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Banking Branch and Oracle Communications Cloud Native Core Certificate Management products, as well as libxml2, could lead to critical data compromise and denial of service, with CVSS scores reaching 9.1.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-49796 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-49796.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-49796"
},
{
"cve": "CVE-2025-53864",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle WebLogic Server, Oracle GoldenGate, and Connect2id Nimbus JOSE + JWT allow unauthenticated attackers to exploit denial of service conditions, affecting various versions with CVSS scores of 5.8.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53864 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53864.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-53864"
},
{
"cve": "CVE-2025-54571",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"notes": [
{
"category": "other",
"text": "Unchecked Return Value",
"title": "CWE-252"
},
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle HTTP Server and ModSecurity allow for denial of service and potential XSS attacks, affecting specific versions with significant severity scores.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54571 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54571.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-54571"
},
{
"cve": "CVE-2025-54874",
"cwe": {
"id": "CWE-457",
"name": "Use of Uninitialized Variable"
},
"notes": [
{
"category": "other",
"text": "Use of Uninitialized Variable",
"title": "CWE-457"
},
{
"category": "description",
"text": "Oracle Fusion Middleware has a critical vulnerability (CVSS 9.8) allowing unauthenticated access, while OpenJPEG versions 2.5.1 to 2.5.3 contain a flaw leading to out-of-bounds heap memory writes.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54874 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54874.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-54874"
},
{
"cve": "CVE-2025-54988",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Tika versions 1.13 to 3.2.1 have a critical XXE vulnerability, while Oracle PeopleSoft\u0027s OpenSearch component in versions 8.60 to 8.62 is also affected by an easily exploitable vulnerability.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54988 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54988.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-54988"
},
{
"cve": "CVE-2025-55163",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Recent updates to Netty and Oracle Communications products address critical vulnerabilities, including the \u0027MadeYouReset\u0027 attack in HTTP/2, which can lead to denial of service and resource exhaustion.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-55163 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55163.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-55163"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities, including a memory amplification issue in libexpat and a DoS vulnerability in Oracle Communications Network Analytics, can lead to denial-of-service attacks without enabling arbitrary code execution.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-59375 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59375.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-59375"
},
{
"cve": "CVE-2025-66516",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Tika has a critical XML External Entity (XXE) injection vulnerability affecting multiple modules, particularly in PDF parsing, allowing remote attackers to exploit crafted files for sensitive information disclosure or remote code execution.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-66516 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-66516.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2025-66516"
},
{
"cve": "CVE-2026-21962",
"notes": [
{
"category": "description",
"text": "A critical vulnerability in Oracle HTTP Server and Oracle Weblogic Server Proxy Plug-in allows unauthenticated attackers to compromise systems, affecting specific versions with a CVSS score of 10.0.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21962 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21962.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18",
"CSAFPID-19",
"CSAFPID-20"
]
}
],
"title": "CVE-2026-21962"
}
]
}
SUSE-SU-2025:02762-1
Vulnerability from csaf_suse - Published: 2025-08-12 12:45 - Updated: 2025-08-12 12:45Summary
Security update for eclipse-jgit
Notes
Title of the patch
Security update for eclipse-jgit
Description of the patch
This update for eclipse-jgit fixes the following issues:
- CVE-2025-4949: Fixed the XXE vulnerability in ManifestParser and AmazonS3 class (bsc#1243647).
Patchnames
SUSE-2025-2762,SUSE-SLE-Module-Development-Tools-15-SP6-2025-2762,SUSE-SLE-Module-Development-Tools-15-SP7-2025-2762,openSUSE-SLE-15.6-2025-2762
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for eclipse-jgit",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for eclipse-jgit fixes the following issues:\n\n- CVE-2025-4949: Fixed the XXE vulnerability in ManifestParser and AmazonS3 class (bsc#1243647).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2762,SUSE-SLE-Module-Development-Tools-15-SP6-2025-2762,SUSE-SLE-Module-Development-Tools-15-SP7-2025-2762,openSUSE-SLE-15.6-2025-2762",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02762-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02762-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502762-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02762-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041181.html"
},
{
"category": "self",
"summary": "SUSE Bug 1243647",
"url": "https://bugzilla.suse.com/1243647"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-4949 page",
"url": "https://www.suse.com/security/cve/CVE-2025-4949/"
}
],
"title": "Security update for eclipse-jgit",
"tracking": {
"current_release_date": "2025-08-12T12:45:02Z",
"generator": {
"date": "2025-08-12T12:45:02Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02762-1",
"initial_release_date": "2025-08-12T12:45:02Z",
"revision_history": [
{
"date": "2025-08-12T12:45:02Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "eclipse-jgit-5.11.0-150200.3.23.1.noarch",
"product": {
"name": "eclipse-jgit-5.11.0-150200.3.23.1.noarch",
"product_id": "eclipse-jgit-5.11.0-150200.3.23.1.noarch"
}
},
{
"category": "product_version",
"name": "jgit-5.11.0-150200.3.23.1.noarch",
"product": {
"name": "jgit-5.11.0-150200.3.23.1.noarch",
"product_id": "jgit-5.11.0-150200.3.23.1.noarch"
}
},
{
"category": "product_version",
"name": "jgit-javadoc-5.11.0-150200.3.23.1.noarch",
"product": {
"name": "jgit-javadoc-5.11.0-150200.3.23.1.noarch",
"product_id": "jgit-javadoc-5.11.0-150200.3.23.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp7"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jgit-5.11.0-150200.3.23.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:jgit-5.11.0-150200.3.23.1.noarch"
},
"product_reference": "jgit-5.11.0-150200.3.23.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jgit-5.11.0-150200.3.23.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:jgit-5.11.0-150200.3.23.1.noarch"
},
"product_reference": "jgit-5.11.0-150200.3.23.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eclipse-jgit-5.11.0-150200.3.23.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:eclipse-jgit-5.11.0-150200.3.23.1.noarch"
},
"product_reference": "eclipse-jgit-5.11.0-150200.3.23.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4949",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-4949"
}
],
"notes": [
{
"category": "general",
"text": "In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity (XXE) attacks when parsing XML files. This vulnerability can lead to information disclosure, denial of service, and other security issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jgit-5.11.0-150200.3.23.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jgit-5.11.0-150200.3.23.1.noarch",
"openSUSE Leap 15.6:eclipse-jgit-5.11.0-150200.3.23.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-4949",
"url": "https://www.suse.com/security/cve/CVE-2025-4949"
},
{
"category": "external",
"summary": "SUSE Bug 1243647 for CVE-2025-4949",
"url": "https://bugzilla.suse.com/1243647"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jgit-5.11.0-150200.3.23.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jgit-5.11.0-150200.3.23.1.noarch",
"openSUSE Leap 15.6:eclipse-jgit-5.11.0-150200.3.23.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP6:jgit-5.11.0-150200.3.23.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:jgit-5.11.0-150200.3.23.1.noarch",
"openSUSE Leap 15.6:eclipse-jgit-5.11.0-150200.3.23.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-12T12:45:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-4949"
}
]
}
CVE-2025-4949
Vulnerability from fstec - Published: 15.05.2025
VLAI Severity ?
Title
Уязвимость классов ManifestParser и AmazonS3 системы контроля версий Git на языке Java Eclipse JGit, позволяющая нарушителю проводить XXE-атаки
Description
Уязвимость классов ManifestParser и AmazonS3 системы контроля версий Git на языке Java Eclipse JGit связана с неверным ограничением XML-ссылок на внешние объекты. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, проводить XXE-атаки
Severity ?
Vendor
Gradle Inc., Eclipse Foundation
Software Name
Gradle, Eclipse JGit
Software Version
8.14.3 (Gradle), до 7.2.0.202503040940-r включительно (Eclipse JGit)
Possible Mitigations
Использование рекомендаций производителя:
https://gitlab.eclipse.org/security/cve-assignment/-/issues/64
Reference
https://gitlab.eclipse.org/security/cve-assignment/-/issues/64
https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281
https://projects.eclipse.org/projects/technology.jgit/releases/5.13.4
https://projects.eclipse.org/projects/technology.jgit/releases/6.10.1
https://projects.eclipse.org/projects/technology.jgit/releases/7.0.1
https://projects.eclipse.org/projects/technology.jgit/releases/7.1.1
https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1
CWE
CWE-611, CWE-827
{
"CVSS 2.0": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
"CVSS 3.0": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CVSS 4.0": "AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/S:N/AU:Y/R:U/V:D/RE:L/U:Green",
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Gradle Inc., Eclipse Foundation",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "8.14.3 (Gradle), \u0434\u043e 7.2.0.202503040940-r \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Eclipse JGit)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://gitlab.eclipse.org/security/cve-assignment/-/issues/64",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "15.05.2025",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "11.02.2026",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "11.02.2026",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2026-01705",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-4949",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Gradle, Eclipse JGit",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043b\u0430\u0441\u0441\u043e\u0432 ManifestParser \u0438 AmazonS3 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0432\u0435\u0440\u0441\u0438\u0439 Git \u043d\u0430 \u044f\u0437\u044b\u043a\u0435 Java Eclipse JGit, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c XXE-\u0430\u0442\u0430\u043a\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0432\u0435\u0440\u043d\u043e\u0435 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 XML-\u0441\u0441\u044b\u043b\u043e\u043a \u043d\u0430 \u0432\u043d\u0435\u0448\u043d\u0438\u0435 \u043e\u0431\u044a\u0435\u043a\u0442\u044b (CWE-611), \u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u0438\u044f \u0442\u0438\u043f\u0430 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0430 (CWE-827)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043b\u0430\u0441\u0441\u043e\u0432 ManifestParser \u0438 AmazonS3 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0432\u0435\u0440\u0441\u0438\u0439 Git \u043d\u0430 \u044f\u0437\u044b\u043a\u0435 Java Eclipse JGit \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0432\u0435\u0440\u043d\u044b\u043c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435\u043c XML-\u0441\u0441\u044b\u043b\u043e\u043a \u043d\u0430 \u0432\u043d\u0435\u0448\u043d\u0438\u0435 \u043e\u0431\u044a\u0435\u043a\u0442\u044b. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c XXE-\u0430\u0442\u0430\u043a\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://gitlab.eclipse.org/security/cve-assignment/-/issues/64\nhttps://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281\nhttps://projects.eclipse.org/projects/technology.jgit/releases/5.13.4\nhttps://projects.eclipse.org/projects/technology.jgit/releases/6.10.1\nhttps://projects.eclipse.org/projects/technology.jgit/releases/7.0.1\nhttps://projects.eclipse.org/projects/technology.jgit/releases/7.1.1\nhttps://projects.eclipse.org/projects/technology.jgit/releases/7.2.1",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-611, CWE-827",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,4)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,3)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 4.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…