{ "schema_version": "1.7.0", "id": "RHSA-2025:1746", "related": [], "upstream": [ "CVE-2020-8840", "CVE-2020-9546", "CVE-2020-9547", "CVE-2020-9548", "CVE-2020-10672", "CVE-2020-10673", "CVE-2020-13936", "CVE-2021-3717", "CVE-2021-44228", "CVE-2021-45046", "CVE-2022-1471", "CVE-2022-41881", "CVE-2022-42003", "CVE-2022-42004", "CVE-2022-42889", "CVE-2022-45047", "CVE-2022-45693", "CVE-2022-46363" ], "published": "2025-02-24T10:02:47Z", "modified": "2026-05-06T10:03:19Z", "summary": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.9 on RHEL 7 security update", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "affected": [ { "package": { "name": "eap7-jackson-databind", "ecosystem": "Red Hat:jboss_enterprise_application_platform_eus:7.1::el7", "purl": "pkg:rpm/redhat/eap7-jackson-databind" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:2.8.11.6-2.SP1_redhat_00002.1.ep7.el7" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "eap7-resteasy", "ecosystem": "Red Hat:jboss_enterprise_application_platform_eus:7.1::el7", "purl": "pkg:rpm/redhat/eap7-resteasy" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:3.0.27-1.Final_redhat_00001.1.ep7.el7" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "eap7-resteasy-atom-provider", "ecosystem": "Red Hat:jboss_enterprise_application_platform_eus:7.1::el7", "purl": "pkg:rpm/redhat/eap7-resteasy-atom-provider" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:3.0.27-1.Final_redhat_00001.1.ep7.el7" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "eap7-resteasy-cdi", "ecosystem": "Red Hat:jboss_enterprise_application_platform_eus:7.1::el7", "purl": "pkg:rpm/redhat/eap7-resteasy-cdi" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:3.0.27-1.Final_redhat_00001.1.ep7.el7" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "eap7-resteasy-client", "ecosystem": "Red Hat:jboss_enterprise_application_platform_eus:7.1::el7", "purl": "pkg:rpm/redhat/eap7-resteasy-client" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:3.0.27-1.Final_redhat_00001.1.ep7.el7" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "eap7-resteasy-crypto", "ecosystem": "Red Hat:jboss_enterprise_application_platform_eus:7.1::el7", "purl": "pkg:rpm/redhat/eap7-resteasy-crypto" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:3.0.27-1.Final_redhat_00001.1.ep7.el7" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "eap7-resteasy-jackson-provider", "ecosystem": "Red Hat:jboss_enterprise_application_platform_eus:7.1::el7", "purl": "pkg:rpm/redhat/eap7-resteasy-jackson-provider" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:3.0.27-1.Final_redhat_00001.1.ep7.el7" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "eap7-resteasy-jackson2-provider", "ecosystem": "Red Hat:jboss_enterprise_application_platform_eus:7.1::el7", "purl": "pkg:rpm/redhat/eap7-resteasy-jackson2-provider" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:3.0.27-1.Final_redhat_00001.1.ep7.el7" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "eap7-resteasy-jaxb-provider", "ecosystem": "Red Hat:jboss_enterprise_application_platform_eus:7.1::el7", "purl": "pkg:rpm/redhat/eap7-resteasy-jaxb-provider" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:3.0.27-1.Final_redhat_00001.1.ep7.el7" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "eap7-resteasy-jaxrs", "ecosystem": "Red Hat:jboss_enterprise_application_platform_eus:7.1::el7", "purl": "pkg:rpm/redhat/eap7-resteasy-jaxrs" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:3.0.27-1.Final_redhat_00001.1.ep7.el7" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "eap7-resteasy-jettison-provider", "ecosystem": "Red Hat:jboss_enterprise_application_platform_eus:7.1::el7", "purl": "pkg:rpm/redhat/eap7-resteasy-jettison-provider" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:3.0.27-1.Final_redhat_00001.1.ep7.el7" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "eap7-resteasy-jose-jwt", "ecosystem": "Red Hat:jboss_enterprise_application_platform_eus:7.1::el7", "purl": "pkg:rpm/redhat/eap7-resteasy-jose-jwt" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:3.0.27-1.Final_redhat_00001.1.ep7.el7" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "eap7-resteasy-jsapi", "ecosystem": "Red Hat:jboss_enterprise_application_platform_eus:7.1::el7", "purl": "pkg:rpm/redhat/eap7-resteasy-jsapi" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:3.0.27-1.Final_redhat_00001.1.ep7.el7" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "eap7-resteasy-json-p-provider", "ecosystem": "Red Hat:jboss_enterprise_application_platform_eus:7.1::el7", "purl": "pkg:rpm/redhat/eap7-resteasy-json-p-provider" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:3.0.27-1.Final_redhat_00001.1.ep7.el7" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "eap7-resteasy-multipart-provider", "ecosystem": "Red Hat:jboss_enterprise_application_platform_eus:7.1::el7", "purl": "pkg:rpm/redhat/eap7-resteasy-multipart-provider" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:3.0.27-1.Final_redhat_00001.1.ep7.el7" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "eap7-resteasy-spring", "ecosystem": "Red Hat:jboss_enterprise_application_platform_eus:7.1::el7", "purl": "pkg:rpm/redhat/eap7-resteasy-spring" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:3.0.27-1.Final_redhat_00001.1.ep7.el7" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "eap7-resteasy-validator-provider-11", "ecosystem": "Red Hat:jboss_enterprise_application_platform_eus:7.1::el7", "purl": "pkg:rpm/redhat/eap7-resteasy-validator-provider-11" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:3.0.27-1.Final_redhat_00001.1.ep7.el7" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "eap7-resteasy-yaml-provider", "ecosystem": "Red Hat:jboss_enterprise_application_platform_eus:7.1::el7", "purl": "pkg:rpm/redhat/eap7-resteasy-yaml-provider" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:3.0.27-1.Final_redhat_00001.1.ep7.el7" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "eap7-velocity", "ecosystem": "Red Hat:jboss_enterprise_application_platform_eus:7.1::el7", "purl": "pkg:rpm/redhat/eap7-velocity" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:1.7.0-3.redhat_00006.1.ep7.el7" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "eap7-wildfly", "ecosystem": "Red Hat:jboss_enterprise_application_platform_eus:7.1::el7", "purl": "pkg:rpm/redhat/eap7-wildfly" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:7.1.9-2.GA_redhat_00002.1.ep7.el7" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "eap7-wildfly-modules", "ecosystem": "Red Hat:jboss_enterprise_application_platform_eus:7.1::el7", "purl": "pkg:rpm/redhat/eap7-wildfly-modules" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:7.1.9-2.GA_redhat_00002.1.ep7.el7" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "eap7-apache-cxf", "ecosystem": "Red Hat:jboss_enterprise_application_platform_eus:7.1::el7", "purl": "pkg:rpm/redhat/eap7-apache-cxf" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:3.1.16-4.redhat_00003.1.ep7.el7" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "eap7-apache-cxf-rt", "ecosystem": "Red Hat:jboss_enterprise_application_platform_eus:7.1::el7", "purl": "pkg:rpm/redhat/eap7-apache-cxf-rt" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:3.1.16-4.redhat_00003.1.ep7.el7" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "eap7-apache-cxf-services", "ecosystem": "Red Hat:jboss_enterprise_application_platform_eus:7.1::el7", "purl": "pkg:rpm/redhat/eap7-apache-cxf-services" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:3.1.16-4.redhat_00003.1.ep7.el7" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "eap7-apache-cxf-tools", "ecosystem": "Red Hat:jboss_enterprise_application_platform_eus:7.1::el7", "purl": "pkg:rpm/redhat/eap7-apache-cxf-tools" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:3.1.16-4.redhat_00003.1.ep7.el7" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "eap7-jettison", "ecosystem": "Red Hat:jboss_enterprise_application_platform_eus:7.1::el7", "purl": "pkg:rpm/redhat/eap7-jettison" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:1.3.8-2.redhat_00002.1.ep7.el7" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "eap7-netty", "ecosystem": "Red Hat:jboss_enterprise_application_platform_eus:7.1::el7", "purl": "pkg:rpm/redhat/eap7-netty" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:4.1.63-1.Final_redhat_00002.1.ep7.el7" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "eap7-netty-all", "ecosystem": "Red Hat:jboss_enterprise_application_platform_eus:7.1::el7", "purl": "pkg:rpm/redhat/eap7-netty-all" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:4.1.63-1.Final_redhat_00002.1.ep7.el7" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "eap7-snakeyaml", "ecosystem": "Red Hat:jboss_enterprise_application_platform_eus:7.1::el7", "purl": "pkg:rpm/redhat/eap7-snakeyaml" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:1.33.0-1.SP1_redhat_00001.1.ep7.el7" } ], "type": "ECOSYSTEM" } ] } ], "references": [ { "type": "ADVISORY", "url": "https://access.redhat.com/errata/RHSA-2025:1746" }, { "type": "ARTICLE", "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "type": "ARTICLE", "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1" }, { "type": "ARTICLE", "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/index" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937440" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991305" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030932" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2032580" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153379" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155681" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970" }, { "type": "ARTICLE", "url": "https://issues.redhat.com/browse/JBEAP-28583" }, { "type": "ADVISORY", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_1746.json" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2020-8840" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8840" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2020-9546" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9546" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2020-9547" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9547" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2020-9548" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9548" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2020-10672" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2020-10673" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2020-13936" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2020-13936" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13936" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2021-3717" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3717" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3717" }, { "type": "ARTICLE", "url": "https://access.redhat.com/security/cve/CVE-2021-44228" }, { "type": "ARTICLE", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2021-009" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-jfh8-c2jp-5v3q" }, { "type": "ARTICLE", "url": "https://logging.apache.org/log4j/2.x/security.html" }, { "type": "ARTICLE", "url": "https://www.lunasec.io/docs/blog/log4j-zero-day/" }, { "type": "ARTICLE", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2021-45046" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45046" }, { "type": "ARTICLE", "url": "https://www.openwall.com/lists/oss-security/2021/12/14/4" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2022-1471" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471" }, { "type": "ARTICLE", "url": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2022-41881" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41881" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41881" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2022-42003" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2022-42004" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2022-42889" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42889" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889" }, { "type": "ARTICLE", "url": "https://blogs.apache.org/security/entry/cve-2022-42889" }, { "type": "ARTICLE", "url": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om" }, { "type": "ARTICLE", "url": "https://seclists.org/oss-sec/2022/q4/22" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2022-45047" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45047" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047" }, { "type": "ARTICLE", "url": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2022-45693" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45693" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2022-46363" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46363" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46363" }, { "type": "ARTICLE", "url": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c" } ] }