{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright © Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.17 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.16, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.17 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* hibernate-core: Hibernate: Information disclosure and data deletion via second-order SQL injection (CVE-2026-0603)\n\n* org.eclipse.jgit: XXE vulnerability in Eclipse JGit (CVE-2025-4949)\n\n* undertow: OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded (CVE-2024-3884)\n\n* cxf: CXF JMS Code Execution Vulnerability (CVE-2025-48913)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2026:6011", "url": "https://access.redhat.com/errata/RHSA-2026:6011" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#critical", "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "category": "external", "summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3", "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3" }, { "category": "external", "summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/index", "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/index" }, { "category": "external", "summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html/7.3.0_release_notes/index", "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html/7.3.0_release_notes/index" }, { "category": "external", "summary": "2275287", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275287" }, { "category": "external", "summary": "2367730", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367730" }, { "category": "external", "summary": "2387221", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387221" }, { "category": "external", "summary": "2427147", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427147" }, { "category": "external", "summary": "JBEAP-31431", "url": "https://issues.redhat.com/browse/JBEAP-31431" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_6011.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.17 security update", "tracking": { "current_release_date": "2026-05-21T08:11:27+00:00", "generator": { "date": "2026-05-21T08:11:27+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.8.0" } }, "id": "RHSA-2026:6011", "initial_release_date": "2026-03-30T11:00:14+00:00", "revision_history": [ { "date": "2026-03-30T11:00:14+00:00", "number": "1", "summary": "Initial version" }, { "date": "2026-03-30T11:00:14+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2026-05-21T08:11:27+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product": { "name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.7.2-21.Final_redhat_00023.1.el7eap.src", "product": { "name": "eap7-jboss-server-migration-0:1.7.2-21.Final_redhat_00023.1.el7eap.src", "product_id": "eap7-jboss-server-migration-0:1.7.2-21.Final_redhat_00023.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-21.Final_redhat_00023.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.41-7.SP8_redhat_00001.1.el7eap.src", "product": { "name": "eap7-undertow-0:2.0.41-7.SP8_redhat_00001.1.el7eap.src", "product_id": "eap7-undertow-0:2.0.41-7.SP8_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.41-7.SP8_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-eclipse-jgit-0:5.13.5.202508271544-1.r_redhat_00001.1.el7eap.src", "product": { "name": "eap7-eclipse-jgit-0:5.13.5.202508271544-1.r_redhat_00001.1.el7eap.src", "product_id": "eap7-eclipse-jgit-0:5.13.5.202508271544-1.r_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.5.202508271544-1.r_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src", "product": { "name": "eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src", "product_id": "eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.38-1.Final_redhat_00001.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-apache-cxf-0:3.4.10-3.SP2_redhat_00003.1.el7eap.src", "product": { "name": "eap7-apache-cxf-0:3.4.10-3.SP2_redhat_00003.1.el7eap.src", "product_id": "eap7-apache-cxf-0:3.4.10-3.SP2_redhat_00003.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-3.SP2_redhat_00003.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.3.17-5.GA_redhat_00006.1.el7eap.src", "product": { "name": "eap7-wildfly-0:7.3.17-5.GA_redhat_00006.1.el7eap.src", "product_id": "eap7-wildfly-0:7.3.17-5.GA_redhat_00006.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.3.17-5.GA_redhat_00006.1.el7eap?arch=src" } } }, { "category": "product_version", "name": "eap7-jbossws-cxf-0:5.3.0-2.SP1_redhat_00002.1.el7eap.src", "product": { "name": "eap7-jbossws-cxf-0:5.3.0-2.SP1_redhat_00002.1.el7eap.src", "product_id": "eap7-jbossws-cxf-0:5.3.0-2.SP1_redhat_00002.1.el7eap.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.3.0-2.SP1_redhat_00002.1.el7eap?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "eap7-jboss-server-migration-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-21.Final_redhat_00023.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-cli-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-cli-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-cli-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.7.2-21.Final_redhat_00023.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-core-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-core-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-core-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.7.2-21.Final_redhat_00023.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.7.2-21.Final_redhat_00023.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.3@1.7.2-21.Final_redhat_00023.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.7.2-21.Final_redhat_00023.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.1-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.7.2-21.Final_redhat_00023.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.2-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.7.2-21.Final_redhat_00023.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2-to-eap7.3@1.7.2-21.Final_redhat_00023.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.3-server@1.7.2-21.Final_redhat_00023.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.7.2-21.Final_redhat_00023.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.7.2-21.Final_redhat_00023.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.7.2-21.Final_redhat_00023.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.7.2-21.Final_redhat_00023.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.7.2-21.Final_redhat_00023.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.7.2-21.Final_redhat_00023.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly15.0-server@1.7.2-21.Final_redhat_00023.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly16.0-server@1.7.2-21.Final_redhat_00023.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly17.0-server@1.7.2-21.Final_redhat_00023.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly18.0-server@1.7.2-21.Final_redhat_00023.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.7.2-21.Final_redhat_00023.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.7.2-21.Final_redhat_00023.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-undertow-0:2.0.41-7.SP8_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-undertow-0:2.0.41-7.SP8_redhat_00001.1.el7eap.noarch", "product_id": "eap7-undertow-0:2.0.41-7.SP8_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-undertow@2.0.41-7.SP8_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-eclipse-jgit-0:5.13.5.202508271544-1.r_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-eclipse-jgit-0:5.13.5.202508271544-1.r_redhat_00001.1.el7eap.noarch", "product_id": "eap7-eclipse-jgit-0:5.13.5.202508271544-1.r_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-eclipse-jgit@5.13.5.202508271544-1.r_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate@5.3.38-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.38-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.38-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.38-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "product": { "name": "eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "product_id": "eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.38-1.Final_redhat_00001.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "product": { "name": "eap7-apache-cxf-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "product_id": "eap7-apache-cxf-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-3.SP2_redhat_00003.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-rt-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "product": { "name": "eap7-apache-cxf-rt-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "product_id": "eap7-apache-cxf-rt-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.4.10-3.SP2_redhat_00003.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-services-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "product": { "name": "eap7-apache-cxf-services-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "product_id": "eap7-apache-cxf-services-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.4.10-3.SP2_redhat_00003.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-apache-cxf-tools-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "product": { "name": "eap7-apache-cxf-tools-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "product_id": "eap7-apache-cxf-tools-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.4.10-3.SP2_redhat_00003.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "product": { "name": "eap7-wildfly-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "product_id": "eap7-wildfly-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly@7.3.17-5.GA_redhat_00006.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk11-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "product": { "name": "eap7-wildfly-java-jdk11-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "product_id": "eap7-wildfly-java-jdk11-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.3.17-5.GA_redhat_00006.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-java-jdk8-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "product": { "name": "eap7-wildfly-java-jdk8-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "product_id": "eap7-wildfly-java-jdk8-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.3.17-5.GA_redhat_00006.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-javadocs-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "product": { "name": "eap7-wildfly-javadocs-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "product_id": "eap7-wildfly-javadocs-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.3.17-5.GA_redhat_00006.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-wildfly-modules-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "product": { "name": "eap7-wildfly-modules-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "product_id": "eap7-wildfly-modules-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.3.17-5.GA_redhat_00006.1.el7eap?arch=noarch" } } }, { "category": "product_version", "name": "eap7-jbossws-cxf-0:5.3.0-2.SP1_redhat_00002.1.el7eap.noarch", "product": { "name": "eap7-jbossws-cxf-0:5.3.0-2.SP1_redhat_00002.1.el7eap.noarch", "product_id": "eap7-jbossws-cxf-0:5.3.0-2.SP1_redhat_00002.1.el7eap.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/eap7-jbossws-cxf@5.3.0-2.SP1_redhat_00002.1.el7eap?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch" }, "product_reference": "eap7-apache-cxf-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-0:3.4.10-3.SP2_redhat_00003.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-3.SP2_redhat_00003.1.el7eap.src" }, "product_reference": "eap7-apache-cxf-0:3.4.10-3.SP2_redhat_00003.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-rt-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch" }, "product_reference": "eap7-apache-cxf-rt-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-services-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch" }, "product_reference": "eap7-apache-cxf-services-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-apache-cxf-tools-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch" }, "product_reference": "eap7-apache-cxf-tools-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-eclipse-jgit-0:5.13.5.202508271544-1.r_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-eclipse-jgit-0:5.13.5.202508271544-1.r_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-eclipse-jgit-0:5.13.5.202508271544-1.r_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-eclipse-jgit-0:5.13.5.202508271544-1.r_redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-eclipse-jgit-0:5.13.5.202508271544-1.r_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-eclipse-jgit-0:5.13.5.202508271544-1.r_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-0:1.7.2-21.Final_redhat_00023.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-21.Final_redhat_00023.1.el7eap.src" }, "product_reference": "eap7-jboss-server-migration-0:1.7.2-21.Final_redhat_00023.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-cli-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-cli-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-core-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-core-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.1-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.2-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch" }, "product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jbossws-cxf-0:5.3.0-2.SP1_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jbossws-cxf-0:5.3.0-2.SP1_redhat_00002.1.el7eap.noarch" }, "product_reference": "eap7-jbossws-cxf-0:5.3.0-2.SP1_redhat_00002.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-jbossws-cxf-0:5.3.0-2.SP1_redhat_00002.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-jbossws-cxf-0:5.3.0-2.SP1_redhat_00002.1.el7eap.src" }, "product_reference": "eap7-jbossws-cxf-0:5.3.0-2.SP1_redhat_00002.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.41-7.SP8_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-7.SP8_redhat_00001.1.el7eap.noarch" }, "product_reference": "eap7-undertow-0:2.0.41-7.SP8_redhat_00001.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-undertow-0:2.0.41-7.SP8_redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-7.SP8_redhat_00001.1.el7eap.src" }, "product_reference": "eap7-undertow-0:2.0.41-7.SP8_redhat_00001.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-0:7.3.17-5.GA_redhat_00006.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.17-5.GA_redhat_00006.1.el7eap.src" }, "product_reference": "eap7-wildfly-0:7.3.17-5.GA_redhat_00006.1.el7eap.src", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk11-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk11-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-java-jdk8-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-java-jdk8-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-javadocs-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-javadocs-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" }, { "category": "default_component_of", "full_product_name": { "name": "eap7-wildfly-modules-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server", "product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch" }, "product_reference": "eap7-wildfly-modules-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "relates_to_product_reference": "7Server-JBEAP-7.3-EUS" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-3884", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2024-04-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-3.SP2_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-eclipse-jgit-0:5.13.5.202508271544-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-eclipse-jgit-0:5.13.5.202508271544-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-21.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jbossws-cxf-0:5.3.0-2.SP1_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jbossws-cxf-0:5.3.0-2.SP1_redhat_00002.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2275287" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows unauthorized users to cause a remote denial of service (DoS) attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat rates this as a Moderate impact since this requires the use of a specific form method by the server that must be externally available and the input is not sanitized by the given servlet or class implementing its use.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-7.SP8_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-7.SP8_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.17-5.GA_redhat_00006.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch" ], "known_not_affected": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-3.SP2_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-eclipse-jgit-0:5.13.5.202508271544-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-eclipse-jgit-0:5.13.5.202508271544-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-21.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jbossws-cxf-0:5.3.0-2.SP1_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jbossws-cxf-0:5.3.0-2.SP1_redhat_00002.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-3884" }, { "category": "external", "summary": "RHBZ#2275287", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2275287" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-3884", "url": "https://www.cve.org/CVERecord?id=CVE-2024-3884" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-3884", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3884" } ], "release_date": "2025-12-03T16:50:50+00:00", "remediations": [ { "category": "vendor_fix", "date": "2026-03-30T11:00:14+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-7.SP8_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-7.SP8_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.17-5.GA_redhat_00006.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2026:6011" }, { "category": "workaround", "details": "It is possible to mitigate the vulnerability by performing an upper-level verification to ensure the content size sent server side is within the allowed parameters.", "product_ids": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-3.SP2_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-eclipse-jgit-0:5.13.5.202508271544-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-eclipse-jgit-0:5.13.5.202508271544-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-21.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jbossws-cxf-0:5.3.0-2.SP1_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jbossws-cxf-0:5.3.0-2.SP1_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-7.SP8_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-7.SP8_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.17-5.GA_redhat_00006.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-3.SP2_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-eclipse-jgit-0:5.13.5.202508271544-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-eclipse-jgit-0:5.13.5.202508271544-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-21.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jbossws-cxf-0:5.3.0-2.SP1_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jbossws-cxf-0:5.3.0-2.SP1_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-7.SP8_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-7.SP8_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.17-5.GA_redhat_00006.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded" }, { "cve": "CVE-2025-4949", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2025-05-21T07:00:48.762597+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-3.SP2_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-21.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jbossws-cxf-0:5.3.0-2.SP1_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jbossws-cxf-0:5.3.0-2.SP1_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-7.SP8_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-7.SP8_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2367730" } ], "notes": [ { "category": "description", "text": "A flaw was found in Eclipse JGit. This vulnerability can allow information disclosure, denial of service, and other security issues when parsing XML files.", "title": "Vulnerability description" }, { "category": "summary", "text": "org.eclipse.jgit: XXE vulnerability in Eclipse JGit", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability is rated Moderate for Red Hat products. A flaw in Eclipse JGit allows for XML External Entity (XXE) attacks when parsing specially crafted XML files. This can lead to local denial of service in affected Red Hat products that utilize JGit's ManifestParser or AmazonS3 class for git transport. The current 9.8 rating by NVD assumes a default, server-side exploitation path. However, the vulnerability resides in the experimental AmazonS3 transport class within Eclipse JGit, which is not enabled by default and requires non-standard configuration (Attack Complexity: High). Furthermore, exploitation typically occurs via client-side tools (e.g., repo) requiring active user participation (User Interaction: Required), limiting the primary risk to local Denial of Service rather than remote, unauthenticated compromise (Availability: High).", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3-EUS:eap7-eclipse-jgit-0:5.13.5.202508271544-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-eclipse-jgit-0:5.13.5.202508271544-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.17-5.GA_redhat_00006.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch" ], "known_not_affected": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-3.SP2_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-21.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jbossws-cxf-0:5.3.0-2.SP1_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jbossws-cxf-0:5.3.0-2.SP1_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-7.SP8_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-7.SP8_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-4949" }, { "category": "external", "summary": "RHBZ#2367730", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367730" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-4949", "url": "https://www.cve.org/CVERecord?id=CVE-2025-4949" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4949", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4949" }, { "category": "external", "summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64", "url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64" }, { "category": "external", "summary": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281", "url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281" }, { "category": "external", "summary": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1", "url": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1" } ], "release_date": "2025-05-21T06:47:19.777000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2026-03-30T11:00:14+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3-EUS:eap7-eclipse-jgit-0:5.13.5.202508271544-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-eclipse-jgit-0:5.13.5.202508271544-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.17-5.GA_redhat_00006.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2026:6011" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-3.SP2_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-eclipse-jgit-0:5.13.5.202508271544-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-eclipse-jgit-0:5.13.5.202508271544-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-21.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jbossws-cxf-0:5.3.0-2.SP1_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jbossws-cxf-0:5.3.0-2.SP1_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-7.SP8_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-7.SP8_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.17-5.GA_redhat_00006.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "org.eclipse.jgit: XXE vulnerability in Eclipse JGit" }, { "cve": "CVE-2025-48913", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2025-08-08T10:00:54.007824+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.3-EUS:eap7-eclipse-jgit-0:5.13.5.202508271544-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-eclipse-jgit-0:5.13.5.202508271544-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-21.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-7.SP8_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-7.SP8_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2387221" } ], "notes": [ { "category": "description", "text": "A flaw was found in org.apache.cxf/cxf, where untrusted users can configure JMS to allow the specification of RMI or LDAP URLs, possibly leading to code execution. This vulnerability allows an attacker to provide malicious protocol URLs during JMS configuration.", "title": "Vulnerability description" }, { "category": "summary", "text": "org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw should be considered Important because the impact goes beyond a simple denial of service or configuration misuse. By allowing untrusted users to configure JMS with RMI or LDAP URLs, attackers could achieve remote code execution by loading attacker-controlled classes or objects. Although this requires the precondition that the attacker has access to JMS configuration, in many enterprise deployments this may be exposed through integration layers or misconfigured permissions, making the attack surface broader than a purely local or limited-scope scenario.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-3.SP2_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jbossws-cxf-0:5.3.0-2.SP1_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jbossws-cxf-0:5.3.0-2.SP1_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.17-5.GA_redhat_00006.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch" ], "known_not_affected": [ "7Server-JBEAP-7.3-EUS:eap7-eclipse-jgit-0:5.13.5.202508271544-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-eclipse-jgit-0:5.13.5.202508271544-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-21.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-7.SP8_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-7.SP8_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-48913" }, { "category": "external", "summary": "RHBZ#2387221", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387221" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-48913", "url": "https://www.cve.org/CVERecord?id=CVE-2025-48913" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48913", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48913" }, { "category": "external", "summary": "https://lists.apache.org/thread/f1nv488ztc0js4g5ml2v88mzkzslyh83", "url": "https://lists.apache.org/thread/f1nv488ztc0js4g5ml2v88mzkzslyh83" } ], "release_date": "2025-08-08T09:21:22.208000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2026-03-30T11:00:14+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-3.SP2_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jbossws-cxf-0:5.3.0-2.SP1_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jbossws-cxf-0:5.3.0-2.SP1_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.17-5.GA_redhat_00006.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2026:6011" }, { "category": "workaround", "details": "To reduce risk, deployments should restrict the allowed protocols in JMS configuration to trusted and expected values only. In particular, disallow the use of rmi:// and ldap:// URLs, which could be abused for remote class loading and code execution.", "product_ids": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-3.SP2_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-eclipse-jgit-0:5.13.5.202508271544-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-eclipse-jgit-0:5.13.5.202508271544-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-21.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jbossws-cxf-0:5.3.0-2.SP1_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jbossws-cxf-0:5.3.0-2.SP1_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-7.SP8_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-7.SP8_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.17-5.GA_redhat_00006.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-3.SP2_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-eclipse-jgit-0:5.13.5.202508271544-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-eclipse-jgit-0:5.13.5.202508271544-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-21.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jbossws-cxf-0:5.3.0-2.SP1_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jbossws-cxf-0:5.3.0-2.SP1_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-7.SP8_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-7.SP8_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.17-5.GA_redhat_00006.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability" }, { "acknowledgments": [ { "names": [ "Christiaan Swiers" ], "organization": "YouGina" }, { "names": [ "Tommy Williams" ], "organization": "HeroDevs" } ], "cve": "CVE-2026-0603", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" }, "discovery_date": "2026-01-05T13:12:29.816000+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-3.SP2_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-eclipse-jgit-0:5.13.5.202508271544-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-eclipse-jgit-0:5.13.5.202508271544-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-21.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jbossws-cxf-0:5.3.0-2.SP1_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jbossws-cxf-0:5.3.0-2.SP1_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-7.SP8_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-7.SP8_redhat_00001.1.el7eap.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2427147" } ], "notes": [ { "category": "description", "text": "A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder is used. This could lead to sensitive information disclosure, such as reading system files, and allow for data manipulation or deletion within the application's database, resulting in an application level denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "org.hibernate/hibernate-core: Hibernate: Information disclosure and data deletion via second-order SQL injection", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability is rated Important for Red Hat products as it allows a remote attacker with low privileges to perform second-order SQL injection in applications using Hibernate's InlineIdsOrClauseBuilder with unsanitized non-alphanumeric characters in the ID column. This could lead to sensitive information disclosure and data manipulation or deletion.Affected Hibernate ORM versions are 5.2.8 through 5.6.15 (inclusive); earlier versions are not affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-JBEAP-7.3-EUS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.17-5.GA_redhat_00006.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch" ], "known_not_affected": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-3.SP2_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-eclipse-jgit-0:5.13.5.202508271544-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-eclipse-jgit-0:5.13.5.202508271544-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-21.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jbossws-cxf-0:5.3.0-2.SP1_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jbossws-cxf-0:5.3.0-2.SP1_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-7.SP8_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-7.SP8_redhat_00001.1.el7eap.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2026-0603" }, { "category": "external", "summary": "RHBZ#2427147", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427147" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2026-0603", "url": "https://www.cve.org/CVERecord?id=CVE-2026-0603" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-0603", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0603" } ], "release_date": "2026-01-19T10:10:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2026-03-30T11:00:14+00:00", "details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "7Server-JBEAP-7.3-EUS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.17-5.GA_redhat_00006.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2026:6011" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-3.SP2_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-eclipse-jgit-0:5.13.5.202508271544-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-eclipse-jgit-0:5.13.5.202508271544-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-21.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jbossws-cxf-0:5.3.0-2.SP1_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jbossws-cxf-0:5.3.0-2.SP1_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-7.SP8_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-7.SP8_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.17-5.GA_redhat_00006.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1" }, "products": [ "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-3.SP2_redhat_00003.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-3.SP2_redhat_00003.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-eclipse-jgit-0:5.13.5.202508271544-1.r_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-eclipse-jgit-0:5.13.5.202508271544-1.r_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-0:5.3.38-1.Final_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-hibernate-core-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-entitymanager-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-envers-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-hibernate-java8-0:5.3.38-1.Final_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-21.Final_redhat_00023.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-21.Final_redhat_00023.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jbossws-cxf-0:5.3.0-2.SP1_redhat_00002.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-jbossws-cxf-0:5.3.0-2.SP1_redhat_00002.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-7.SP8_redhat_00001.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-7.SP8_redhat_00001.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.17-5.GA_redhat_00006.1.el7eap.src", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch", "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.17-5.GA_redhat_00006.1.el7eap.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "org.hibernate/hibernate-core: Hibernate: Information disclosure and data deletion via second-order SQL injection" } ] }