{
  "schema_version": "1.7.0",
  "id": "RHSA-2026:33372",
  "related": [],
  "upstream": [
    "CVE-2025-9784",
    "CVE-2025-12543",
    "CVE-2025-23184"
  ],
  "published": "2026-06-30T10:49:44Z",
  "modified": "2026-06-30T10:49:44Z",
  "summary": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.15 security update",
  "severity": [
    {
      "type": "CVSS_V3",
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L"
    }
  ],
  "affected": [
    {
      "package": {
        "name": "eap7-undertow",
        "ecosystem": "Red Hat:jboss_enterprise_application_platform_eus:7.1::el7",
        "purl": "pkg:rpm/redhat/eap7-undertow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0:1.4.18-21.SP19_redhat_00001.1.ep7.el7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "name": "eap7-apache-cxf",
        "ecosystem": "Red Hat:jboss_enterprise_application_platform_eus:7.1::el7",
        "purl": "pkg:rpm/redhat/eap7-apache-cxf"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0:3.1.16-7.redhat_00007.1.ep7.el7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "name": "eap7-apache-cxf-rt",
        "ecosystem": "Red Hat:jboss_enterprise_application_platform_eus:7.1::el7",
        "purl": "pkg:rpm/redhat/eap7-apache-cxf-rt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0:3.1.16-7.redhat_00007.1.ep7.el7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "name": "eap7-apache-cxf-services",
        "ecosystem": "Red Hat:jboss_enterprise_application_platform_eus:7.1::el7",
        "purl": "pkg:rpm/redhat/eap7-apache-cxf-services"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0:3.1.16-7.redhat_00007.1.ep7.el7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "name": "eap7-apache-cxf-tools",
        "ecosystem": "Red Hat:jboss_enterprise_application_platform_eus:7.1::el7",
        "purl": "pkg:rpm/redhat/eap7-apache-cxf-tools"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0:3.1.16-7.redhat_00007.1.ep7.el7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:33372"
    },
    {
      "type": "ARTICLE",
      "url": "https://access.redhat.com/security/updates/classification/#important"
    },
    {
      "type": "ARTICLE",
      "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1"
    },
    {
      "type": "ARTICLE",
      "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/index"
    },
    {
      "type": "ARTICLE",
      "url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1/html-single/7.1.0_release_notes/index"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339095"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392306"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408784"
    },
    {
      "type": "ARTICLE",
      "url": "https://issues.redhat.com/browse/JBEAP-31620"
    },
    {
      "type": "ARTICLE",
      "url": "https://issues.redhat.com/browse/JBEAP-33273"
    },
    {
      "type": "ARTICLE",
      "url": "https://issues.redhat.com/browse/JBEAP-33278"
    },
    {
      "type": "ADVISORY",
      "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_33372.json"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-9784"
    },
    {
      "type": "ADVISORY",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9784"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9784"
    },
    {
      "type": "ARTICLE",
      "url": "https://github.com/undertow-io/undertow/pull/1778"
    },
    {
      "type": "ARTICLE",
      "url": "https://github.com/undertow-io/undertow/releases/tag/2.2.38.Final"
    },
    {
      "type": "ARTICLE",
      "url": "https://issues.redhat.com/browse/UNDERTOW-2598"
    },
    {
      "type": "ARTICLE",
      "url": "https://kb.cert.org/vuls/id/767506"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-12543"
    },
    {
      "type": "ADVISORY",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12543"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12543"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-23184"
    },
    {
      "type": "ADVISORY",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23184"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23184"
    },
    {
      "type": "ARTICLE",
      "url": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122"
    }
  ]
}